Re: SECURITY: Logistics of paranoia.

From: Alex Future Bokov (alexboko@umich.edu)
Date: Fri Jun 05 1998 - 16:52:44 MDT


-----BEGIN PGP SIGNED MESSAGE-----

Hal Finney's and Harvey Newstrom's responses made it clear to me that my
question wasn't phrased specifically enough. Here are some underlying
assumptions I forgot to mention:

1. Remailers are not the weakest security link.
        Today, there are remailers that randomize the order in which
messages are sent, and encrypt the sender/recipient databases. Most
serious users have their message go through a chain of several remailers
before it gets to the destination.

2. The physical security of your computer is not the weakest link.
        Physical security is really a separate discussion.

3. The software security of your computer is not the weakest link.
        If your PC is running an OS not designed for remote control
(MacOS, DOS, stand-alone Win95) and no network software except an
encrypted telnet, ssh, or email client you pretty much don't have to worry
about remote inflitration or sniffing. Denial of service attacks probably
can't be prevented, though.

4. Encryption technology advances along with cracking technology, always
remaining a step or two ahead.
        There are multiple ways to encrypt any given piece of data, but
only one correct way to interpret a given piece of encrypted data.

        Sasha pointed out that "the person's interests may be hurt by
actions directed at this pseudonym - it becomes part of one's identity".
True, you can be slandered. However, you cannot be killed, arrested,
deported, fired, or stripped of net access-- unless the pseudonymous
entity you're talking to tells your adversaries about your future plans,
thus allowing them to be waiting for you when you get there, whoever you
are.
        The weak link is the human factor. How do you know that the person
you're talking to can be trusted, or, how do you talk to someone you
aren't sure you trust? The three (non-rigorous) ways I've thought of so
far are:

1. Have a well known third party sign both keys. This is probably a bad
idea if this person can be "gotten to" because it implies they know both
of the secret agents. Hmm... perhaps a well known _anonymous_ persona...
see the next item, though.

2. Spend a long time establishing the credentials of your anonymous
persona. Theoretically a sufficiently dedicated adversary can spend a long
time doing this, though, and fool you.

3. Come up with a test that would rule out certain types of infiltrators.
For example, if it's the US gov you're worried about, ask them mail you a
copy of PGP accross the US border thus breaking Federal law. If it's the
religious fundies you're worried about, ask them to write something really
blasphemous. I know, I know, this is really weak. They will find
loopholes, and they'll probably not be above breaking their own rules on
occasion.

What do you think?

PS: Ooh, I think I came up with a scheme for doing this, but it might be
long, so I'll put this into a separate message after I've thought about it
for a while.

                                            --Sincerely, Alex F. Bokov

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBpAwUBNXh2v5vUJaRNHMexAQHqPgKaAueHnLfzbm5JIw4aSi7rL1nGODu1PSJj
gkjNpUcNVuM2hLq8ae0lFQHkWos5bAacII5wbA+odS3vJgNU36Q+CnPYdKPvjFR7
9no6q191qmlzlfvF
=9I4l
-----END PGP SIGNATURE-----



This archive was generated by hypermail 2.1.5 : Fri Nov 01 2002 - 14:49:10 MST