[118433] in Cypherpunks
Re: Selective DoS Attacks: Remailer Vulnerabilities
daemon@ATHENA.MIT.EDU (Robert Hettinga)
Mon Sep 27 23:27:41 1999
Mime-Version: 1.0
Message-Id: <v0421010eb415dec157ea@[207.244.110.163]>
Date: Mon, 27 Sep 1999 22:56:07 -0400
To: cypherpunks@cyberpass.net
From: Robert Hettinga <rah@shipwright.com>
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Reply-To: Robert Hettinga <rah@shipwright.com>
--- begin forwarded text
To: Robert Hettinga <rah@shipwright.com>
cc: cryptography@c2.net, coderpunks@shipwright.com, gnu@toad.com
Subject: Re: Selective DoS Attacks: Remailer Vulnerabilities
Date: Mon, 27 Sep 1999 18:06:03 -0700
From: John Gilmore <gnu@toad.com>
I wonder if the source of remailer unreliability could be further
tracked down by providing a "publish" bit under the encryption at each
layer. If the bit is set, the remailer publishes, on its own web site
the incoming message, the decrypted message, and the outgoing message.
If the bit is not set, the message is relayed privately as usual. The
publishing could be delayed for a period of time if desired.
Examining the web sites of the remailers will show where a published
message was lost or corrupted in transit. It will exit one remailer and
never enter the next - or enter it corrupted.
If identical messages sent with the publish bit on and off have different
long-term reliability statistics, it means the adversary has broken the
encryption, and can read the publish bit (and only corrupt messages that
are not publicly visible).
Note that merely flipping any data bit in a packet containing an email
message in transit will suffice to cause it to be discarded, since PGP
will report that it has been corrupted. (This would require hacking
the TCP checksum to avoid TCP error correction.) SMTP mailer logs on
such systems should also be scrutinized for indications that e.g. a
TCP connection was "reset" in the middle of receiving a message. It
would be worth recording full packet traces to and from some remailers
and looking for interesting activities such as TCP attacks or altered
data packets.
John
--- end forwarded text
-----------------
Robert A. Hettinga <mailto: rah@ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
