[Remops] bomb threats
Len Sassaman
rabbi at abditum.com
Tue Aug 28 22:18:52 BST 2007
On Tue, 28 Aug 2007 remop at hermetix.org wrote:
> Contextual food for thoughts:
>
> JAP has an additional 'feature' that was added to the Mix server code
> that enables operators to revoke anonymity if they all work together and
> recompile their software. As stated above, this is completely covered by
> the AN.ON threat model and no security leak. Currently, further research
> is done by AN.ON to make this functionality even more privacy-friendly
There have been a number of different proposals for doing backdoored
anonymity systems. All of them have substantial problems. I am unlikely to
be convinced that we can do backdoored anonymity systems "safely", setting
aside the debate on whether or not they are a good idea in the first
place.
I'm pretty convinced we don't know how to do anonymity safely in the first
place, let alone how to design, build, and deploy a system that will break
when you want it to, but not when you don't.
So, if our goal is to provide people with a communications channel with
strong anonymity properties, we have no business putting backdoors into
our infrastructure.
--Len.
--Len.
More information about the Remops
mailing list