Ben Laurie <[EMAIL PROTECTED]> writes:

> Florian Weimer wrote:

> > I couldn't find a PGP key server operator that committed itself to
> > keeping logs confidential and deleting them in a timely manner (but I
> > didn't look very hard, either).  Of course, since PGP hasn't
> > progressed as faster as our computing resources, I'm nowadays in a
> > position to run my own key server, but this is hardly a solution to
> > that kind of problem.

> OK, I buy the problem, but until we do something about the totally
> non-anonymising properties of the 'net, revealing that I want the public
> key for some person seems to be quite minor - compared, for example, to
> revealing that I sent him email each time I do.

But you don't have to reveal that you sent him email.  You can use
stealthy communication.

Stealthy communication is communication wherein not only is the
content concealed from eavesdroppers by encryption, but information
about who is communicating with whom, when, or if at all, is
concealed, as well.

The Internet can be used for stealthy communication.  The basic idea
is that each potential participant has ongoing traffic to and from a
message pool which is propagated world-wide.  When the participant has
no live traffic to send, dummy traffic is sent instead.  The dummy
traffic is indistinguishable from the live traffic except by using
decryption keys which are chosen by correspondents.  The outbound
traffic continues autonomously without interruption for months and
years and is not correlated to the live traffic, so an observer
without the keys cannot determine when or how much live communication
is happening.  Inbound cover traffic consists of taking a full feed of
the message pool at all times without interruption.

A Debian Linux package exists which enables stealthy email.  It has
been in everyday use for years, although not widely.  Details on
request.  I am looking for someone to host it.  Any volunteers?

 -- StealthMonger

         <[EMAIL PROTECTED]>
         <[EMAIL PROTECTED]>
         <[EMAIL PROTECTED]>

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to