Re: PKI root signing ceremony, etc.
Rich Salz wrote:

>> *shrug* it doesn't retroactively enforce the safety net - but that's ok, most MS products don't either :)
> The whole point is to enhance common practice, not stay at the lowest common denominator.

If someone has *already* issued a certificate - and ignored the CA flag - is it part of the software's duty to somehow point this out to you? But regardless, as this only applies to imported keys you would never actually see it in Real Life (tm)

>> Key management and auditing is pretty much external to the actual software regardless of which solution you use I would have thought.
> You'd be wrong. :) I did just download and use XCA for a little bit. It's practically impossible to audit. Every key in the database is protected with the same password.

um, this is a **CA** - you have *one* key in the database, your CA key. It is bad practice to generate the keys on the CA machine and transport them to the server they will be used on - instead, the Cert request should be generated on the end-use machine, and the *request* transported to the CA, signed, and the certificate returned. That way, the private key never leaves the machine it was generated for and used on, and is protected by its own password.

> The system asks for the password as soon as it starts up. If I leave the program running while I leave my computer, I'm screwed.

Then don't leave it running. If you got out of your car but left the engine running, and somebody stole the car, would you blame the design of the car?

> The key-holder isn't asked to confirm each signing -- there's no *ceremony* -- and they never enter the password after the program starts. For any kind of root these are all very bad.

This is just fine for a root - the root acquires 'n' signing requests, opens the program, signs or rejects the requests as appropriate, then closes the program.

It is not the duty of the CA to generate keys or enter certificate information - that is the requestor's problem, which he can do with the tools appropriate to his machine (openssl on almost anything, the built in keygen in IIS and several other webservers, and so forth). I am actually disappointed in XCA (compared to the earlier but awkward to set up OpenCA project) in that no browser-accessible request interface is provided. Of course XCA is compatible with importing requests made from OpenCA, and exporting them back into an OpenCA "pickup" dir. But really it would be nice to be compatible with the interface most key requestors are used to.

> XCA is pretty nice for a Level-2 or small Level-1 CA. The template management, etc., is pretty good. (Having them tied to the key database, and having the keys be unlocked while making cert requests, are both real bad ideas, however.)

There is no mystical value in having to type a key lots of times. I was just pointing out what other options are out there (I would have pointed out EBCrypt as well, which appears better suited to your current ritual, but its website seems to have vanished)
Re: Don't worry...it's just one of Saddam's doubles
On Dec 14, 2003, at 6:33 PM, Thomas Shaddack wrote:

> On Sun, 14 Dec 2003, Tyler Durden wrote:
>
>> Spread the word. The administration got desperate. In a few weeks they'll announce this isn't the real Saddam, but that rounding up all of the clones is necessary progress in the fight to get the real Saddam.
>
> If I don't remember incorrectly, they said something about identifying him by DNA testing. But it wasn't widely quoted in the mainstream news.

How boring. The DNA confirmation was reported on all of the puppet news organizations here. The Germans and Eastern Europeans, being mostly opposed to the war, probably just buried the confirmation.

The Czech Republic supported the war, and sent troops, and now that Saddam has been captured, both of them will be returning home, with medals.

--Tim May
Re: cpunk-like meeting report
Hi,

I've been admiring your and Tim's contributions, and I was wondering if either of you were planning to subscribe to the (new) news list.

http://lists.cryptnet.net/mailman/listinfo/cpunx-news

Be sure and check the archive before posting. It is still small.

Otherwise, if anyone could recommend additional good sources for cypherpunk-related news, I'd be very grateful, because I don't feel right about cross-posting news items to cypherpunks list. I'm already subscribed to the Cryptome rdf channel, Politech, and GNU-Darwin of course. I don't think I'm interesting enough for Interesting People ;-}.

Please feel free to write back to me on- or off-list for whatever reason you like.

Regards,
proclus
http://www.gnu-darwin.org/

On 14 Dec, Major Variola (ret.) wrote:

> I went to a meeting of the Irvine Underground (irvineunderground.org) which reminded me of late-90s SF CP meatings. Although the overall tech level was probably lower and social implications weren't a big topic. Also, at this meeting, there were far more cameras or videocams than were present (at least overtly :-) at the few CP meats I attended. However, nyms were used more than they were (overtly :-) at CP meatings; this may have been due to a "introduce yourself" poll. The IU group seems to be a bit more social, going to movies for instance, than the topic-only CPs were. The meeting was held in a room at an IHOP (pancake restaurant for furriners)
>
> The exploit mentioned in http://www.usatoday.com/tech/news/2003-12-11-microsoft2_x.htm was demonstrated, we were debriefed on the recent LA 802.11b War Flying mission (and the EMI resistance of 1960's era single-engine airplane instruments :-). Toorcon organizers were present. About 30+ people were there, with what appeared to me to be a bimodal distribution of skills, some advanced, some admitted unix newbies, etc. There was even recreational lock picking.
> A WiFi LAN, net connectivity through someone's cell phone eventually. A video projector.
>
> I didn't notice persons with exceptional Euler numbers, though black was definitely the color of choice for garments. Ages appeared well distributed from undergrad to hoary. One gent noticed a certain TLA on my cypherpunks T-shirt and admitted that he had once worked in Ft Meade, though he wouldn't say on what :-)

--
Visit proclus realm! http://proclus.tripod.com/
Re: Don't worry...it's just one of Saddam's doubles
On Sun, 14 Dec 2003, Tyler Durden wrote:

> Spread the word. The administration got desperate. In a few weeks they'll announce this isn't the real Saddam, but that rounding up all of the clones is necessary progress in the fight to get the real Saddam.

If I don't remember incorrectly, they said something about identifying him by DNA testing. But it wasn't widely quoted in the mainstream news.

So even if it really is him - they may still claim he isn't the real McCoy if the insurgency won't stop.

The timing is definitely weird. Too soon before the Elections. But there is still the backup, the Lost TV Star, also known as Ossama; whether They intend to announce capturing him, or whether he will be claimed responsible for Something Scary in a psyops attempt to make the voters more susceptible to the beat of the Homeland Security drums.
Re: Don't worry...it's just one of Saddam's doubles
Ahh... but if that were true, why would the US ever admit it?

Let's say they run a DNA test and it's not him... why not just say, "We ran a DNA test and it's him!!" That would be a bigger boost for Bush for the coming election.

There's still 13 more in the deck of cards - as well as Bin Laden - to use as an excuse to maintain their war on terrorism.

- Eric Tully

Tyler Durden wrote:

> Spread the word. The administration got desperate. In a few weeks they'll announce this isn't the real Saddam, but that rounding up all of the clones is necessary progress in the fight to get the real Saddam.
>
> -TD
Re: cpunk-like meeting report
On Dec 14, 2003, at 6:07 PM, [EMAIL PROTECTED] wrote:

> Hi, I've been admiring your and Tim's contributions, and I was wondering if either of you were planning to subscribe to the (new) news list.
>
> http://lists.cryptnet.net/mailman/listinfo/cpunx-news
>
> Be sure and check the archive before posting. It is still small.

No, we don't need a "cpunx-news" list. This is what Google and the ability to see hundreds of various lists and sites is for.

"News" lists tend strongly to be just dumping grounds for crap from other lists.

> Otherwise, if anyone could recommend additional good sources for cypherpunk-related news, I'd be very grateful, because I don't feel right about cross-posting news items to cypherpunks list. I'm already subscribed to the Cryptome rdf channel, Politech, and GNU-Darwin of course. I don't think I'm interesting enough for Interesting People ;-}.

I failed the entrance exam for "Interesting People," which is fine, for obvious reasons.

--Tim May
Re: cpunk-like meeting report
On 14 Dec, Tim May wrote:

> No, we don't need a "cpunx-news" list. This is what Google and the ability to see hundreds of various lists and sites is for.
>
> "News" lists tend strongly to be just dumping grounds for crap from other lists.

Yea, and I'll admit that I'm a junky, which is why I made the following pages...

http://www.gnu-darwin.org/update.html
http://www.gnu-darwin.org/applelists.html

More... info., Must have ... more...

>> Otherwise, if anyone could recommend additional good sources for cypherpunk-related news, I'd be very grateful, because I don't feel right about cross-posting news items to cypherpunks list. I'm already subscribed to the Cryptome rdf channel, Politech, and GNU-Darwin of course. I don't think I'm interesting enough for Interesting People ;-}.
>
> I failed the entrance exam for "Interesting People," which is fine, for obvious reasons.

ROFL!

Regards,
proclus
http://www.gnu-darwin.org/

--
Visit proclus realm! http://proclus.tripod.com/
Re: cpunk-like meeting report
On Dec 14, 2003, at 6:53 PM, [EMAIL PROTECTED] wrote:

> On 14 Dec, Tim May wrote:
>
>> No, we don't need a "cpunx-news" list. This is what Google and the ability to see hundreds of various lists and sites is for.
>>
>> "News" lists tend strongly to be just dumping grounds for crap from other lists.
>
> Yea, and I'll admit that I'm a junky, which is why I made the following pages...
>
> http://www.gnu-darwin.org/update.html
> http://www.gnu-darwin.org/applelists.html
>
> More... info., Must have ... more...

Lie down and just resist the temptation. The world already has a dozen crypto/cyber rights mailing lists, probably more. And many "e$", "digibucks," "digital bearer settlement," and "cybercurrency" types of list just from one single person...who also cross-posts to Cypherpunks.

I had a friend who created a new high technology company whenever he got bored. Of course, these were not _real_ high tech companies, with actual products and actual profits. Rather, they were "ventures," things that gave him a new business card, "Orion X. Altschluss, President, Plutonic Transgenics, Inc." A few months later, "Director, Corporate Relations, the Galt Foundation."

Some people think spinning off new lists whenever they get interested in some area is interesting. Most of these lists fail for obvious reasons.

Sometimes a famous person, especially Net famous, creates a vanity list. Hence the "Interesting People" vanity list. This trend seems to be giving way to Blogs, however, as the various net.personalities realize that what they really want is a forum for blogging their message to an attentive audience.

I have done nearly all of my writing for Cypherpunks since 1992. I have watched Lewispunks, Perrypunks, various e-rights and digidollars and Geodesic Singularity Lists arise and do whatever they do after they arise. I have joined none of the various other lists (which are usually "with permission of owner" lists--fuck that).
So now we have someone calling himself "Proclus," who has not contributed anything memorable to Cypherpunks, inviting Cypherpunks to join his new "cpunx-news" list.

Yawn. Have fun.

--Tim May
Patriot Ants (was: Re: Zombie Patriots and other musings)
On Sat, 13 Dec 2003, John Kelsey wrote:

> Of course, there's a more fundamental problem with surrendering to the lone warriors. Imagine that there's such a wave of pro-life terrorism that we finally agree to ban abortion. You're a fanatically committed pro-choice activist. What's your next move?

Two moves possible.

The violent, far less effective and possibly somehow counterproductive one: attacking the ones who enforce the measurement, by lethal or nonlethal means, to act as deterrent.

The nonviolent one: developing and deploying the technology necessary for underground clinics to provide higher quality service, and for their clients to find, order and pay for the services without being likely to trace down by the Whateveriscurrentlythelaw Enforcement. Causing bad press for them, keeping public awareness that alternatives to the law-compliance exist. Learning from countries with similar bans in action, both from the present and from history, how the alternatives developed there, and building on this knowledge.

Direct attack is not always the best route, however tempting. A house can be brought down from the outside by a bomb, or from the inside by white ants.

Insect survival strategies are distributed and largely successful; I am pretty sure we can learn a lot from there. One "Patriot Ant" doesn't have to fight in any big way, doing heroic deeds or big sacrifices; enough people who just provide "samizdat" for few friends, know what files to mirror, when to look away, what to be "unable to remember" when questioned by the Authorities, who know the newsbits that aren't officially reported and tell their friends can make big difference.

The strength of Patriot Ants isn't in their individual strength, they don't make headlines - they just eat the System from the inside, one bite at a time.
Don't worry...it's just one of Saddam's doubles
Spread the word. The administration got desperate. In a few weeks they'll announce this isn't the real Saddam, but that rounding up all of the clones is necessary progress in the fight to get the real Saddam.

-TD
Re: Patriot Ants (was: Re: Zombie Patriots and other musings)
From: Thomas Shaddack <[EMAIL PROTECTED]>

> On Sat, 13 Dec 2003, John Kelsey wrote:
>
>> Of course, there's a more fundamental problem with surrendering to the lone warriors. Imagine that there's such a wave of pro-life terrorism that we finally agree to ban abortion. You're a fanatically committed pro-choice activist. What's your next move?
>
> Two moves possible.
>
> The violent, far less effective and possibly somehow counterproductive one: attacking the ones who enforce the measurement, by lethal or nonlethal means, to act as deterrent.

I think you should the word possibly when referring to effectiveness of outcomes. One can never know until one tries. Every moment in history is unique and the effectiveness of the use of a particular strategy can never be ascertained beforehand. Mine is based on at least two inspirations...

"How we burned in the prison camps later thinking: What would things have been like if every security operative, when he went out at night to make an arrest, had been uncertain whether he would return alive?" --Alexander Solzhenitsyn, Gulag Archipelago

and

Our government... teaches the whole people by its example. If the government becomes the lawbreaker, it breeds contempt for law; it invites every man to become a law unto himself; it invites anarchy. -- Louis D. Brandeis

As Americans I'm sure we have been tutored by some of the best. Time to put into practice what we have learned.

> The nonviolent one: developing and deploying the technology necessary for underground clinics to provide higher quality service, and for their clients to find, order and pay for the services without being likely to trace down by the Whateveriscurrentlythelaw Enforcement. Causing bad press for them, keeping public awareness that alternatives to the law-compliance exist. Learning from countries with similar bans in action, both from the present and from history, how the alternatives developed there, and building on this knowledge.
>
> Direct attack is not always the best route, however tempting. A house can be brought down from the outside by a bomb, or from the inside by white ants.

The trouble with this method is that it generally requires a large percentage of the population to actively or passively support a position. This almost always occurs after a situation has become intolerable to the masses. I have no intention in placing my ability to enjoy what I consider my basic rights into the hands of a million Joe Sixpacks and await their enlightenment.

"The only freedom which counts is the freedom to do what some other people think to be wrong. There is no point in demanding freedom to do that which all will applaud. All the so-called liberties or rights are things which have to be asserted against others who claim that if such things are to be allowed their own rights are infringed or their own liberties threatened. This is always true, even when we speak of the freedom to worship, of the right of free speech or association, or of public assembly. If we are to allow freedoms at all there will constantly be complaints that either the liberty itself or the way in which it is exercised is being abused, and, if it is a genuine freedom, these complaints will often be justified. There is no way of having a free society in which there is not abuse. Abuse is the very hallmark of liberty." -- Quintin H. Hailsham, The Dilemma of Democracy

Get ready for a lot of abuse...
Re: Compromised Remailers
At 06:49 PM 12/13/2003 +0100, some provocateur claiming to be Anonymous wrote:

> A question for the moment might well be how many if any of the remailers are operated by TLAs?

The TLAs have proposed running various anonymizers for China and other countries that have oppressive eavesdroppers.

If you go look at past remailer discussions (probably starting with Tim's Cyphernomicon or some of the remailer docs), you'll be reminded that just using one remailer isn't enough if you're worried about it being compromised, though it's usually fine for trolling mailing lists :-)

Remailers are secure if at least one remailer in a chain is _not_ compromised, so you not only want to be sure that some of the remailers you chain through are run by good people, but that their machines are likely not to have been cracked, and ideally you use remailers in multiple legal jurisdictions because that reduces the ability of any one government to put pressure on the remailer operators, and increases the chances that if all of the remailers are compromised, at least one of them isn't compromised by someone who's interested in _you_.
Re: Compromised Remailers
On Dec 14, 2003, at 12:40 AM, Bill Stewart wrote:

> At 06:49 PM 12/13/2003 +0100, some provocateur claiming to be Anonymous wrote:
>
>> A question for the moment might well be how many if any of the remailers are operated by TLAs?
>
> The TLAs have proposed running various anonymizers for China and other countries that have oppressive eavesdroppers.

China has proposed to run remailers for use by citizens of nations with laws allowing bureaucrat search warrants (not judges, just civil servants), Patriot Acts, no-knock raids, and concentration camps at Gitmo.

> If you go look at past remailer discussions (probably starting with Tim's Cyphernomicon or some of the remailer docs), you'll be reminded that just using one remailer isn't enough if you're worried about it being compromised, though it's usually fine for trolling mailing lists :-)
>
> Remailers are secure if at least one remailer in a chain is _not_ compromised, so you not only want to be sure that some of the remailers you chain through are run by good people, but that their machines are likely not to have been cracked, and ideally you use remailers in multiple legal jurisdictions because that reduces the ability of any one government to put pressure on the remailer operators, and increases the chances that if all of the remailers are compromised, at least one of them isn't compromised by someone who's interested in _you_.

I haven't carefully looked at the current source code (if it's available) for things like "Type II Mixmaster" remailers, things which offer reply-blocks.

Certainly for the canonical Cypherpunks remailer, the store-and-forward-after-mixing remailer, the fact that the nested encryption is GENERATED BY THE ORIGINATOR means that interception is useless to a TLA. The most a TLA can do is to a) not forward as planned, resulting in a dropped message, or b) see where a particular collection of random-looking (because of encryption) bits came from and where they are intended to next go.

In particular, a TLA or interceptor or corrupted or threatened remailer operator CANNOT insert new text or new delivery instructions into packets received by his node BECAUSE HE CANNOT OPEN ANY PAYLOAD ENCRYPTED TO THE NEXT NODE. Anything he adds to the payload bits (which he can see of course, though not decrypt or make sense of) will of course make the next node see only garbage when he tries to decrypt the payload.

This process continues, in a recursive fashion.

Now of course there are some boundary conditions. If every remailer is compromised, then complete "visibility" is ensured. The sender and receiver are in a fishbowl, a panopticon, with everything visible to the TLA or attackers.

And if even a fraction of the remailers are compromised, then with collusion they can map inputs to outputs, in many cases. (How many they can and how many they can't are issues of statistics and suchlike.)

Another boundary condition is when a remailer network is lightly used, or when correlations between sent messages, received messages, and actions take place. A signal recovery problem, perhaps akin to some military sorts of problems.

(Note that this "few users" problem is essentially isomorphic to "compromised remailers." And if the TLAs are the dominant users of remailers, sending dummy messages through, they get the same benefits as when there are few users or compromised remailers. For example, if the typical mix "latency" is 20 messages, and TLAs account for 98% of the traffic through remailers, then it's easy to calculate the Poisson probability that they can trace the only message that is NOT theirs. And so on.)

Most of these problems go away when the number of remailers is large, the number of independent users is large, and the remailers are scattered in multiple jurisdictions, making it hard for the TLAs to enforce or arrange collusion.

Another "trick" of use in _some_ of the boundary conditions is to "BE A REMAILER." This gives at least one node, namely, oneself, which is presumably not compromised (modulo black bag attacks, worms, that sort of stuff).

And one could pay others to operate remailers with trusted code. (No disk Linux computers, for example, as discussed by several here over the years..)

Finally, most of these issues were obvious from the very beginning, even before Cypherpunks. When I proposed the "quick and dirty" remailers in the first Cypherpunks meeting, the ones we emulated in our Games, it was with the full awareness of David Chaum's "untraceable e-mail" paper of 1981 (referenced in the handout at the first meeting). And of his later and more robust DC Net paper of 1988, further developed by the Pfitzmann team around that time.

The Chaum/Pfitzmann/et al. DC-Net addresses the collusion problem with novel methods for doing, effectively, zero knowledge proofs that some bit has been entered into a network without any traceability as to who entered it. (Chaum uses 3 people at a restaurant, usin
cpunk-like meeting report
I went to a meeting of the Irvine Underground (irvineunderground.org) which reminded me of late-90s SF CP meatings. Although the overall tech level was probably lower and social implications weren't a big topic. Also, at this meeting, there were far more cameras or videocams than were present (at least overtly :-) at the few CP meats I attended. However, nyms were used more than they were (overtly :-) at CP meatings; this may have been due to an "introduce yourself" poll. The IU group seems to be a bit more social, going to movies for instance, than the topic-only CPs were. The meeting was held in a room at an IHOP (pancake restaurant for furriners)

The exploit mentioned in http://www.usatoday.com/tech/news/2003-12-11-microsoft2_x.htm was demonstrated, we were debriefed on the recent LA 802.11b War Flying mission (and the EMI resistance of 1960's era single-engine airplane instruments :-). Toorcon organizers were present. About 30+ people were there, with what appeared to me to be a bimodal distribution of skills, some advanced, some admitted unix newbies, etc. There was even recreational lock picking. A WiFi LAN, net connectivity through someone's cell phone eventually. A video projector.

I didn't notice persons with exceptional Euler numbers, though black was definitely the color of choice for garments. Ages appeared well distributed from undergrad to hoary. One gent noticed a certain TLA on my cypherpunks T-shirt and admitted that he had once worked in Ft Meade, though he wouldn't say on what :-)
Re: Zombie Patriots and other musings
(resend)

At 11:52 AM 12/13/03 -0500, John Kelsey wrote:

>At 09:19 AM 12/12/03 -0800, Major Variola (ret) wrote:
>...
>>You need to think about the "lone warrior" scenario that the Gang worries about. McVeighs and Rudolphs. They were influenced by memes which were not immediately suppressed.
>
>One interesting property of the lone warriors is that they can't actually make peace.

Good points, but not entirely true. For instance, we could stop the Jihad (tm) (including future Jihads by other parties) by stopping all foreign aid, following the good general's advice, "Trade with all, make treaties with none, and beware of foreign entanglements." If you take yourself out of the game, you are not seen by a player which can be influenced. Or which influencing would do any good to a given cause. A government can take itself (and thus the proles that fed the NYC rodentia the second week of Sept 01) out of the game, while individuals (corporations) continue to trade freely, and at their own consensual risk.

The point is that while the soldiers are independent, their motivations are not. So you can reduce the cost of the lone warriors to you by not annoying them any more.

>Of course, there's a more fundamental problem with surrendering to the lone warriors. Imagine that there's such a wave of pro-life terrorism that we finally agree to ban abortion. You're a fanatically committed pro-choice activist. What's your next move?

Rudolph bombed clinics, not random people because the govt allowed the clinics. Contrast with a distributed jihad which attacks citizens to sway a govt.

If the US went neutral, whether Halliburton was in Arabia would be entirely an economic question, involving the cost of paying off widows or hiring Islamic workers, or buying the goods through a third party. Instead it's a policy question, the only way to influence it is to bring it home

---"the only language the American people understand is dead Americans." -EC
--- "Can you hear me now?" -UBL, 11.9.01
Re: Compromised Remailers
Tim May wrote:

> I haven't carefully looked at the current source code (if it's available) for things like "Type II Mixmaster" remailers, things which offer reply-blocks.

The source is available for mixmaster. However, Type II does not offer reply blocks.

> Certainly for the canonical Cypherpunks remailer, the store-and-forward-after-mixing remailer, the fact that the nested encryption is GENERATED BY THE ORIGINATOR means that interception is useless to a TLA. The most a TLA can do is to a) not forward as planned, resulting in a dropped message, or b) see where a particular collection of random-looking (because of encryption) bits came from and where they are intended to next go.

Not necessarily. You don't have to be able to read a message to determine what it is. In the case of an amphibian remailer operator (who shall remain nameless) revealing the identity of someone using his remailer, this remop ran 2 of the three remailers being used. The chain went:

A -> B -> C -> D -> E

where A is the sender, E the recipient, and B and D are the remailers controlled by the same person. Also, if the message to E had been encrypted it wouldn't have mattered much in identifying who was sending something to whom.

The remop could tell that a message from A coming in through B always resulted in a message going to C, and that such messages always had a corresponding message from D to E. The fact that the messages were encrypted to each remailer's key, and that the middle remailer was not compromised, did not protect the user.

There were some special circumstances to this, the biggest one being that A was sending a ton of messages, all of similar size, through the exact same chain. But it does show the problem with Type I reply blocks in use by the current system.

> In particular, a TLA or interceptor or corrupted or threatened remailer operator CANNOT insert new text or new delivery instructions into packets received by his node BECAUSE HE CANNOT OPEN ANY PAYLOAD ENCRYPTED TO THE NEXT NODE. Anything he adds to the payload bits (which he can see of course, though not decrypt or make sense of) will of course make the next node see only garbage when he tries to decrypt the payload.

Of course they can't alter the encrypted text, but it may be possible to add text after the pgp-encrypted block to make tracking the messages easier. There's also the issue of taking a reply block and replaying it with new text in order to watch where it goes.

[snip]

> And if even a fraction of the remailers are compromised, then with collusion they can map inputs to outputs, in many cases. (How many they can and how many they can't are issues of statistics and suchlike.)

Exactly. This is the case I was mentioning above. It shows that the "if one remailer is legit your messages are safe" line of thinking is not necessarily true.

[snip]

> Adding reply-block capability significantly raises the risks for traceability, in my opinion. I am not casting doubt on the Anonymizer and on Mixmaster Type N (whatever is current), but I have not seen much detailed discussion here on the Cypherpunks list, and I am unaware of peer-reviewed papers on the cryptographic protocols being used. (If they exist, pointers here would be great to have!)

Type II is the current, though cypherpunk (Type I) are in use. II does not allow for reply blocks. Type III (mixminion) is in active development and allows for SURBs - Single Use Reply Blocks -- that will allow for nyms without having to store a set number of reply blocks that can be replayed (a la the current type I pseudonym setup)

Anyway, just a few thoughts. I'm far from an expert on this so take everything with a large grain of salt.

--B
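
Added example, not part of any post in this thread: a small model of the two boundary conditions discussed above, namely the flooded mix (batch of 20, 98% of traffic belonging to the observer) and the A -> B -> C -> D -> E chain where B and D are watched and C is honest. The traffic model, the function names and all numbers other than 20 and 98% are assumptions made for illustration, and the flooding case uses independent draws (a binomial model) rather than the Poisson approximation the post mentions.

```python
"""Added illustration; the traffic model and parameters are constructed."""
import random
from collections import Counter


def p_alone_in_batch(batch_size, observer_share):
    """Chance that the other batch_size-1 messages in a mix batch all belong
    to the observer, leaving the one remaining message trivially traceable.
    Assumes each message is the observer's independently of the others."""
    return observer_share ** (batch_size - 1)


def simulate_flooded_mix(batch_size, observer_share, trials=20000, seed=1):
    """Monte Carlo check of p_alone_in_batch with a fixed seed."""
    rng = random.Random(seed)
    alone = 0
    for _ in range(trials):
        # Count the other messages in the batch that are NOT the observer's.
        independent = sum(rng.random() >= observer_share
                          for _ in range(batch_size - 1))
        alone += (independent == 0)
    return alone / trials


def p_all_hops_compromised(fraction, hops):
    """Chance every hop of a randomly chosen chain is compromised."""
    return fraction ** hops


def p_entry_and_exit_compromised(fraction):
    """Chance the first and last hop are both compromised. Chain length does
    not appear: honest middle hops do not lower this number."""
    return fraction ** 2


def correlate_entry_exit(rounds=300, batch=20, recipients=50,
                         send_prob=0.5, seed=7):
    """Round-level correlation for A -> B -> C -> D -> E.

    The observer at B sees only WHETHER A submitted in a round; the observer
    at D sees only WHO received mail in that round. C shuffles each batch and
    every payload is encrypted, so no message is ever read or linked directly.
    A always writes to "E"; everyone else picks recipients at random.
    Returns the recipient whose delivery rate rises most when A sends."""
    rng = random.Random(seed)
    names = [f"r{i}" for i in range(recipients - 1)] + ["E"]
    with_a, without_a = Counter(), Counter()
    n_with = n_without = 0
    for _ in range(rounds):
        a_sent = rng.random() < send_prob            # visible at entry hop B
        out = [rng.choice(names) for _ in range(batch - 1)]  # cover traffic
        out.append("E" if a_sent else rng.choice(names))
        if a_sent:
            with_a.update(out)
            n_with += 1
        else:
            without_a.update(out)
            n_without += 1
    # Score: deliveries per round when A sent, minus the background rate.
    score = {r: with_a[r] / max(n_with, 1) - without_a[r] / max(n_without, 1)
             for r in names}
    best = max(score, key=score.get)
    return best, score[best]


if __name__ == "__main__":
    print("P(alone in batch of 20 at 98% flooding):",
          round(p_alone_in_batch(20, 0.98), 4))
    print("simulated:", simulate_flooded_mix(20, 0.98))
    print("half the remailers compromised, 3 hops, all bad:",
          p_all_hops_compromised(0.5, 3))
    print("half compromised, entry and exit bad:",
          p_entry_and_exit_compromised(0.5))
    print("correlation result:", correlate_entry_exit())
```

Raising `recipients` or `batch`, or lowering `rounds`, shrinks the gap between E's score and the background, which is the quantitative form of the advice in the thread that many independent users and varied chains matter more than any single honest hop.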