At 3:22 PM -0400 2003/10/22, denny wrote:
Well in part I will say that I have never sent an "Anon" email and
I would like to know just how "Anon" it is *unless* you have some kind
of "Man-in-the-middle" who changes the email headers to hide the sender.
Okay, so for all the pieces of spam you have ever received, tell
me precisely who sent each and every one of them. Hell, just tell me
who sent a random 1% sampling.
UA.o --> [ANON_SMTP_MANGLER] ---> DEST.MTA
where [ANON_SMTP_MANGLER] is a "Black box" to the reciver end but
has an address and can be found, may be more than one server, may
use more than one IP / server to do it's work.
Penet.fi used to be thought of as a secure anonymous re-mailer,
until recently it was discovered that they had been back-doored by
the government. So long as there are a countable number of anonymous
remailers that you are dependant on to provide the only anonymizing
services that exist, they can all be compromised.
so don't the senders of this email need to masq the content with say
PGP at the start??
They may do that, but PGP allows you to sign first, and encrypt
afterwards. That means that the signer is not known, although you
can tell what keys the message was encrypted for. It also allows you
to send encrypted messages that are not signed. But if the sender
can't send the encrypted message anonymously, then all that built-in
privacy is blown.
--
Brad Knowles, <brad(_dot_)knowles(_at_)skynet(_dot_)be>
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-Benjamin Franklin, Historical Review of Pennsylvania.
GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+
!w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg