Thread: [Mixmaster-devel] some questions
From: Bryan L. F. <bfo...@so...> - 2002-06-27 13:37:33
I've been a bit out of the loop recently, so forgive me if I've missed some emails on this.

First, what's the status on the interremailer protocol?

Next up: Has any progress been made on the "remailer in a can"? This seems like a neat idea, but I haven't seen anything on it lately.

I've been pondering making mix accessible to more people/programs. One thing I've thought of is building a simple smtp-like daemon that someone can use any email program to send messages to. The daemon will then take that message, format it properly (say, a remail request w/ 2 hops) and send it to mix for processing.

Does this make sense? Is it a good idea or not? I seem to recall someone mentioning something like this before (or maybe I'm dreaming). What I think would be neat is a smtp/imap type combo that can handle nyms with any MUA.

I want to get involved again in the remailer community, especially because of all the fun laws going through (the US) congress. I'm just waiting to be labelled a threat to national security... 8)

--B

sushi for everyone
http://socialistsushi.com

From: Len S. <ra...@qu...> - 2002-07-10 01:20:55
On Thu, 27 Jun 2002, Bryan L. Fordham wrote:

> I've been a bit out of the loop recently, so forgive me if I've missed
> some emails on this
>
> First, what's the status on the interremailer protocol?

Early work on a new remailer mix protocol is being done, and the inter-remailer protocol is part of that. I'll have more to say about this after DEFCON.

As far as remailer accessibility goes -- have a look at the Java app that Gerard Toonstra is working on. That will make web-based remailer hosting a lot nicer.

(I'll have that up in CVS shortly).

--Len.

From: Bryan L. F. <bfo...@so...> - 2002-07-10 03:11:25
Len Sassaman wrote:

>Early work on a new remailer mix protocol is being done, and the
>inter-remailer protocol is part of that. I'll have more to say about this
>after DEFCON.

Nice. When is DEFCON? I won't be going and so I'm wondering how long the wait will be 8)

>As far as remailer accessibility goes -- have a look at the Java app that
>Gerard Toonstra is working on. That will make web-based remailer hosting a
>lot nicer.
>
>(I'll have that up in CVS shortly).

That's cool. Though I'm curious: why can't you just have a script that pipes messages to the remailer? Or is that what the app does? I haven't looked yet; maybe I should hold my questions until after.... 8)

--B

socialistsushi.com
Sushi for Everyone

From: Len S. <ra...@qu...> - 2002-07-10 04:15:44
On Tue, 9 Jul 2002, Bryan L. Fordham wrote:

DEFCON is at the very beginning of next month.

> That's cool. Though I'm curious: why can't you just have a script that
> pipes messages to the remailer? Or is that what the app does? I
> haven't looked yet; maybe I should hold my questions until after.... 8)

Simple: chain formation and message encryption must be done on the client, or else you are putting all your trust in the first hop (the web gateway).

Currently there is a nice web interface in the form of a cgi script that was written by the Chicago admin -- I think he is still running the web gateway. Easy to use and convenient, but you have to trust that webserver completely.

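Added example, not part of the thread or of Mixmaster: a sketch of the point made in the message above, that when the client forms the chain and encrypts, the first hop learns only the next address and an opaque body. The hop names, keys, recipient and message are constructed, and a toy SHA-256/HMAC cipher with keys the client shares with each hop stands in for real per-remailer public-key encryption; the packet layout is illustrative, not Mixmaster's format.

```python
import hashlib, hmac, json, os

# Toy authenticated cipher (SHA-256 keystream + HMAC). It stands in for the
# per-remailer public-key encryption a real client uses; not for real use.
def _xor(key, nonce, data):
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(b"enc" + key + nonce + i.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def _tag(key, nonce, ct):
    return hmac.new(b"mac" + key, nonce + ct, hashlib.sha256).digest()

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = _xor(key, nonce, plaintext)
    return nonce + _tag(key, nonce, ct) + ct

def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, _tag(key, nonce, ct)):
        raise ValueError("layer not addressed to this hop, or tampered")
    return _xor(key, nonce, ct)

def build_chain_packet(chain, keys, recipient, message):
    """Client side: wrap the innermost layer first, one layer per hop."""
    next_addr, body = recipient, message
    for hop in reversed(chain):
        layer = json.dumps({"next": next_addr, "body": body.hex()}).encode()
        body, next_addr = seal(keys[hop], layer), hop
    return body  # this is what gets handed to chain[0]

def hop_view(hop, keys, blob):
    """What one hop learns: the next address and a body it cannot read further."""
    layer = json.loads(unseal(keys[hop], blob))
    return layer["next"], bytes.fromhex(layer["body"])

def trace(chain, keys, blob):
    """Pass the packet along the chain and record each hop's view."""
    views = {}
    for hop in chain:
        views[hop] = hop_view(hop, keys, blob)
        blob = views[hop][1]
    return views

# Constructed sample input: hop names, keys, recipient and message are made up.
CHAIN = ["hop1", "hop2"]
KEYS = {h: os.urandom(32) for h in CHAIN}
if __name__ == "__main__":
    pkt = build_chain_packet(CHAIN, KEYS, "alice@example.org", b"hello")
    for hop, (nxt, body) in trace(CHAIN, KEYS, pkt).items():
        print(hop, "->", nxt, body[:16])
```

A gateway that builds the chain on the server would instead receive the recipient and message in the clear before any layer exists, which is the trust problem the message describes.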
From: Bryan L. F. <bfo...@so...> - 2002-07-10 04:28:28
Len Sassaman wrote:

>>That's cool. Though I'm curious: why can't you just have a script that
>>pipes messages to the remailer? Or is that what the app does? I
>>haven't looked yet; maybe I should hold my questions until after.... 8)
>
>Simple: chain formation and message encryption must be done on the client,
>or else you are putting all your trust in the first hop (the web gateway).

I assume then you get this applet and it encrypts the messages for you before sending it to the first hop? Makes sense, but I don't really see that as being any more secure than the cgi version sending it to mix to be encrypted -- you still have to trust the webserver. It would be pretty simple to change the applet to send the message in the clear to a second address. I guess some may feel better about one version or another, so it's good to have options.

--B

socialistsushi.com
Sushi for Everyone

From: Len S. <ra...@qu...> - 2002-07-10 04:43:55
On Wed, 10 Jul 2002, Bryan L. Fordham wrote:

> I assume then you get this applet and it encrypts the messages for you
> before sending it to the first hop? Makes sense, but I don't really see
> that as being any more secure than the cgi version sending it to mix to
> be encrypted -- you still have to trust the webserver. It would be
> pretty simple to change the applet to send the message in the clear to a
> second address. I guess some may feel better about one version or
> another, so it's good to have options.

Well, the java applet is auditable, whereas the server-side scripts aren't. You could put a sniffer on your network and see if the applet is sending anything it shouldn't be. You could have a canonical jar file that is code-signed by the author, that all the webservers would use. There are ways of achieving varying degrees of trust in this system that are not present in the other.

I'll have more to say about this after DEFCON, when I will have more free time.

From: Bryan L. F. <bfo...@so...> - 2002-07-10 04:52:10
Len Sassaman wrote:

>Well, the java applet is auditable, whereas the server-side scripts
>aren't. You could put a sniffer on your network and see if the applet is
>sending anything it shouldn't be. You could have a canonical jar file that
>is code-signed by the author, that all the webservers would use. There are
>ways of achieving varying degrees of trust in this system that are not
>present in the other.

All very good points.

--B

socialistsushi.com
Sushi for Everyone