[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Lurkers: First draft: call for comments (was Re: Paperdeadlines)
On Mon, 2002-05-06 at 23:47, Len Sassaman wrote:
> On 6 May 2002, Nick Mathewson wrote:
>
> > Re-read the part about what TLS gets us; it's not there to prevent third
> > parties from decrypting messages. It's there for forward security
> > against eavesdroppers who later compromise or subpoena nodes, IIUC.
>
> Ah, of course. Though that would require the attacker both impersonate the
> second remailer *and* be able to obtain the second remailer's true key at
> some point in the future.
Not so hard for a governmental adversary; just use a carnivore-ish
wiretap to mount your MITM attack, and then subpoena the receiving node
and demand that it decrypt the message.
If, on the other hand, you can't do the MITM attack, you have no idea
which message to demand the decryption of, unless you've already
compromised somebody in advance, or somebody's forgotten to erase their
workspace. :)
--
Nick