At 12:45 PM -0700 2003/10/22, Justin Mason wrote:
But IMO, something like the PGP remailers and/or hushmail are the key
systems to support this form of free speech -- it should *not* be part of
the core SMTP protocol. Here's why:
I disagree. They are an important tool in the toolbox, but alone
they are not sufficient to guarantee the security and privacy of that
connection. Until recently, penet.fi was believed to be a secure
anonymous remailer -- until we found out that they'd been back-doored
by the government. Who knows how many other remailers have already
been back-doored?
Moreover, you don't need to completely back-door the remailer to
compromise them -- you can watch traffic coming in and going out, and
that alone will often tell you enough. And there's no way that the
remailers could prevent people from watching all incoming and
outgoing traffic.
These can be volume-throttled, do not provide spammable bandwidth, or use
CAPTCHAs, so they become useless for bulk mail spamming -- but remain
*very* useful for free speech, since they *are* fully encrypted and
*designed* for whistleblowing activity.
They remain very useful, so long as other options are not
expressly eliminated by the protocol. Once that happens, they become
extremely vulnerable.
--
Brad Knowles, <brad(_dot_)knowles(_at_)skynet(_dot_)be>
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-Benjamin Franklin, Historical Review of Pennsylvania.
GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+
!w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg