ietf-asrg
[Top] [All Lists]

Re: FW: [Asrg] 0. General

2004-03-30 16:44:46
At 12:45 PM -0700 2003/10/22, Justin Mason wrote:

 But IMO, something like the PGP remailers and/or hushmail are the key
 systems to support this form of free speech -- it should *not* be part of
 the core SMTP protocol.  Here's why:

I disagree. They are an important tool in the toolbox, but alone they are not sufficient to guarantee the security and privacy of that connection. Until recently, penet.fi was believed to be a secure anonymous remailer -- until we found out that they'd been back-doored by the government. Who knows how many other remailers have already been back-doored?

Moreover, you don't need to completely back-door the remailer to compromise them -- you can watch traffic coming in and going out, and that alone will often tell you enough. And there's no way that the remailers could prevent people from watching all incoming and outgoing traffic.

 These can be volume-throttled, do not provide spammable bandwidth, or use
 CAPTCHAs, so they become useless for bulk mail spamming -- but remain
 *very* useful for free speech, since they *are* fully encrypted and
 *designed* for whistleblowing activity.

They remain very useful, so long as other options are not expressly eliminated by the protocol. Once that happens, they become extremely vulnerable.

--
Brad Knowles, <brad(_dot_)knowles(_at_)skynet(_dot_)be>

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
    -Benjamin Franklin, Historical Review of Pennsylvania.

GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+
!w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg



<Prev in Thread] Current Thread [Next in Thread>