At 10:26 PM 10/3/00 -0500, Jim Choate wrote:
>On Tue, 3 Oct 2000, Bill Stewart wrote:
>> Remember that we're talking about detecting spam on *outgoing* messages -
>
>No, we're not. We ARE talking bout checking incoming messages to ensure
>the body of the message is encrypted. No unencrypted traffic. End to end
>crypto, all the way baby...
Sure are - it's a followon to Peter Trei's message dated
Tue, 3 Oct 2000 10:48:07 -0400 which said
= I would like to suggest that a remailer could eliminate nearly all it's
= problems by only sending out encrypted mails - that is, if after
= removing the encryption that was applied using it's own private
= key, it finds that the result is plaintext, it simply drops the message.
That's a remailer checking outgoing mail to be sure it's encrypted,
as well as checking incoming mail.
>What algorithm is proposed that can reliably determine the difference
>between plaintext and cyphertext, note that we don't know what algorithm
>is used, with only 20 bytes/char's?
On incoming messages, it's easy to tell if it's encrypted to *you* -
decrypt it with your private keys, job's done. If you don't recognize
the algorithm, the message wasn't for you.
>Another question I have is, does this mean that anonymous stego isn't
>possible now with this approach.
Hmmm. That's a more interesting problem - this does seem to have the
tradeoff that if you want to get messages sent to you using stego,
you shouldn't use a remailer that has a PGP-out-only policy.
On the other hand, mail from a known Cypherpunks Anonymous Secret
Message Remailer adds a certain amount of suspiciousness anyway.
You want to get your stego messages from "Fred's GIF-of-the-Day" or
"Pirate-Muzick-R-Us" or something that's a better cover story -
so make sure those sites accept incoming PGP mail.
>What algorithm will reliably find stego data?
If you can reliably find it, it's not very good stego :-)
Open source stego that's not key-based has inherent weaknesses -
the eavesdroppers can easily extract the message from the cover text,
so the message needs to be binary random-looking noise which
somewhat plausibly belongs in the message (e.g. low bits of sound samples.)
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
