Implications of a common private keys directory in 2.1

Carola Grunwald caro at nymph.paranoici.org
Sat Nov 26 02:17:31 CET 2016


Andrew Gallagher <andrewg at andrewg.com> wrote:

>On 24/11/16 23:03, Carola Grunwald wrote:
>> 
>> Let's just say I hold two nym accounts at different nym servers
>> 
>> https://en.wikipedia.org/wiki/Pseudononymous_remailer#Contemporary_nym_servers
>> 
>> and send WME encapsulated mail through both of them to a single
>> recipient making him believe he talks to two different persons.
>
>In this case, you must have already created a separate PGP keypair on
>your local machine for each nym username.

WME encoding, remailing and nym handling are done completely at the
proxy. You can use any, even the most primitive PGP-unaware MUA to send
and receive standard mail and Usenet messages, crypto and anonymization
capabilities are provided by the proxy.

>
>> WME encrypts the
>> whole message for the recipient signing it with its individual WME key
>> (which can be the nym server account key)
>
>So the server can sign the WME encapsulation with it's own key.

By signing all WME messages of all your nym accounts with an identical
key, your imaginary proxy server key, you disclose that all of them
originate from the same server. That means on one hand you try to avoid
all potential similarities between your nyms, from writing style to
(day)time patterns of message creation, and on the other all your
messages' signatures scream out loud 'We belong together!'.

You see the discrepancy? Or what's your point here?

> It
>doesn't add anything for the server to use a per-userid key, because
>the user must already have a per-userid key locally in order to use
>nym, and so can sign the original message in the MUA.

No problem to add another inner PGP encryption layer created locally by
the MTA with a key controlled by the user. But MUAs don't have my
proxy's header filtering, header and MIME boundary delimiter
normalizing, nym formating and crypto capabilities that make it so easy
to use remailers and nym servers in a secure way.

>
>> encrypts it for the nym
>> server signed with the nym server account's key and sends the result
>> through the remailer network to the nym server, which removes the nym
>> server encoding layer checking the account signature and sends the
>> resulting WME message to the recipient.
>
>The same applies at the receiving end. The recipient must have a
>per-userid PGP key, and therefore can decrypt messages in their own
>MUA.

Which MUA can restore a WME encrypted message?

> Encryption to the receiving nym server's common key is sufficient
>for confidentiality as far as the mailbox - at which point it gets
>converted back to a standard PGP message.

In my example the message follows the path

MUA > proxy (SMTP) >
Tor network (3 nodes) > remailer network (1..20 hops) > nym server >
POP3 server > proxy (POP3) > MUA

And as I earlier tried to explain a standard PGP message leaks lots of
information which a WME message doesn't.

Kind regards

Caro



More information about the Gnupg-users mailing list