In your Black SOAP RFC draft [cpunks 11 Feb 02] you propose using USENET
as a broadcast medium
for encrypted messages injected via an anonymous remailer chain. The
broadcast provides
resistance to traffic-analysis for the receiver; remailers provide
anonymity for the source;
encryption provides confidentiality and authentication for the message.
(The XML & Soap, which we admit to having very little knowledge of,
seems only to facilitate
interoperability? You could use remailers, PGP, and USENET by
themselves, no?)
It seems it would be useful, in a client program, to have some way of
automating the extraction of messages
destined for the user. A few ideas come to mind.
IF the message were known to be prose, a simple entropy-measure on each
of the decrypted messages would detect messages encrypted with our
public key; messages which
are not for us (including plaintext) would be turned into noise. Both
Shannon's and Maurer's tests
are very fast. You wouldn't need to decrypt much of each message.
Alternately you could scan for a given string ("Destined-For: myhandle")
somewhere in the first N kilobytes
of decrypted data. If this is not the first correspondence with the
other entity, you could search for a string provided by the
initial contact posting. It would be fastest if the "this-is-for-me"
string were at a fixed location in the message, so that
little would need to be decrypted, but we are concerned about the
security risk of that mechanism.
Thoughts?
