| 143 |
content) in the packets. The content may be compressed |
content) in the packets. The content may be compressed |
| 144 |
before splitting.</t> |
before splitting.</t> |
| 145 |
|
|
| 146 |
<t>The sender next chooses a sequence of up to 20 remailers |
<t>The sender next chooses a chain of up to 20 remailers |
| 147 |
for each packet. Each path is independant, and can be of |
for each packet. Each path is independant, and can be of |
| 148 |
a different length, but all paths must end at the same |
a different length, but all paths must end at the same |
| 149 |
remailer. This final remailer is responsible detecting and |
remailer. This final remailer is responsible detecting and |
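Review bot: Two errors on the context lines of this paragraph survive the sequence-to-chain rename: line 147 still reads "independant" and line 149 reads "is responsible detecting", which is missing "for". Since the paragraph is being edited anyway, change them to "independent" and "responsible for detecting".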
| 151 |
and doing the final delivery.</t> |
and doing the final delivery.</t> |
| 152 |
|
|
| 153 |
<t>Each packet is next prepared as follows (the full details |
<t>Each packet is next prepared as follows (the full details |
| 154 |
are in <xref target="packet-header"/>). For a sequence |
are in <xref target="header-section"/>). For a chain |
| 155 |
of "n" remailers, headers "n + 1" through 20 are filled |
of "n" remailers, headers "n + 1" through 20 are filled |
| 156 |
with random data. For headers "n" down to one, the sender |
with random data. For headers "n" down to one, the sender |
| 157 |
generates a symmetric encryption key. This key is used to |
generates a symmetric encryption key. This key is used to |
| 158 |
encrypt the packet body and all the following headers. The |
encrypt the packet body and all the following headers. The |
| 159 |
key, and other control information, is then encrypted with |
key, and other control information, is then encrypted with |
| 160 |
the public key of the "n"'th remailer in the sequence.</t> |
the public key of the "n"'th remailer in the chain.</t> |
| 161 |
|
|
| 162 |
<t>The process is repeated, working backward through the sequence |
<t>The process is repeated, working backward through the chain |
| 163 |
until the first packet has header information encrypted for the |
until the first packet has header information encrypted for the |
| 164 |
first remailer, and the packet body has been encrypted "n" times. |
first remailer, and the packet body has been encrypted "n" times. |
| 165 |
The packet is then sent to the first remailer on its |
The packet is then sent to the first remailer on its |
| 166 |
sequence.</t> |
chain.</t> |
| 167 |
|
|
| 168 |
</section> |
</section> |
| 169 |
|
|
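Review bot: In the paragraph at lines 153-160, "n" is used both for the chain length ("For a chain of "n" remailers") and for the remailer whose public key encrypts each header ("the "n"'th remailer in the chain"), so the text reads as if every header from "n" down to one is encrypted to the last remailer. Introduce a separate index, for example "for header i, from n down to one, ... the public key of the i-th remailer", which also matches the "working backward through the chain" wording at line 162.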
| 171 |
|
|
| 172 |
<t>When a remailer receives a message, it uses its private key to |
<t>When a remailer receives a message, it uses its private key to |
| 173 |
decrypt the first header section. The Packet ID (see |
decrypt the first header section. The Packet ID (see |
| 174 |
<xref target="packet-header"/> can be used to detect |
<xref target="header-section"/> can be used to detect |
| 175 |
duplicates. The integrity of the message is verified by |
duplicates. The integrity of the message is verified by |
| 176 |
checking the packet length and verifying the message digest |
checking the packet length and verifying the message digest |
| 177 |
in the packet header.</t> |
in the packet header.</t> |
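Review bot: The parenthesis opened at "(see" on line 173 is never closed: line 174 goes straight from the xref to "can be used to detect" on both sides of the change. Add the closing ")" directly after the xref in the same edit that updates its target to "header-section".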
| 195 |
<section anchor="message-reassembly" title="Message Reassembly"> |
<section anchor="message-reassembly" title="Message Reassembly"> |
| 196 |
|
|
| 197 |
<t>When a packet is sent to the final remailer, it contains an |
<t>When a packet is sent to the final remailer, it contains an |
| 198 |
indication that the sequence ends at that remailer, and whether the |
indication that the chain ends at that remailer, and whether the |
| 199 |
packet contains the complete message or if it is part of a multi-part |
packet contains the complete message or if it is part of a multi-part |
| 200 |
message. If the packet contains the entire message, the packet body |
message. If the packet contains the entire message, the packet body |
| 201 |
is decrypted and after reordering messages, the plain text is |
is decrypted and after reordering messages, the plain text is |
| 250 |
<section anchor="dummy-traffic" title="Dummy Traffic"> |
<section anchor="dummy-traffic" title="Dummy Traffic"> |
| 251 |
|
|
| 252 |
<t>Dummy messages are multi-hop messages with four randomly |
<t>Dummy messages are multi-hop messages with four randomly |
| 253 |
selected remailers as the sequence. The sequences must selected |
selected remailers as the chain. The chain must selected |
| 254 |
such that no remailer will appear twice unless two other remailers |
such that no remailer will appear twice unless two other remailers |
| 255 |
separate them.</t> |
separate them.</t> |
| 256 |
|
|
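Review bot: Line 253 still lacks a verb after the rename: "The chain must selected" should read "The chain must be selected". The old side had the same omission ("The sequences must selected"), so the change carries the error over instead of fixing it.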
| 325 |
be given. Compression may be used if the capabilities attribute of |
be given. Compression may be used if the capabilities attribute of |
| 326 |
the final remailer contains the flag "C".</t> |
the final remailer contains the flag "C".</t> |
| 327 |
<t>An RFC 2822 user data section begins with the three bytes |
<t>An RFC 2822 user data section begins with the three bytes |
| 328 |
"##[RETURN]" (35, 35, 13). It contains an e-mail message or a |
"##[CR]" (35, 35, 13). It contains an e-mail message or a |
| 329 |
Usenet message.</t> |
Usenet message.</t> |
| 330 |
<t>A user data section not beginning with one of the above |
<t>A user data section not beginning with one of the above |
| 331 |
identification strings contains only the body of the message. When |
identification strings contains only the body of the message. When |
| 348 |
<t>The asymmetric encryption mechanism is RSA with 1024 bit RSA keys |
<t>The asymmetric encryption mechanism is RSA with 1024 bit RSA keys |
| 349 |
and the PKCS #1 v1.5 (RSAES-PKCS1-v1_5) padding format <xref |
and the PKCS #1 v1.5 (RSAES-PKCS1-v1_5) padding format <xref |
| 350 |
target="RFC2437"/>. The symmetric encryption mechanism is EDE |
target="RFC2437"/>. The symmetric encryption mechanism is EDE |
| 351 |
3DES with cipher block chaining (24-byte key, eight-byte initialization |
3DES with cipher block chaining (24-byte key, 8-byte initialization |
| 352 |
vector) <xref target="Schneier96"/>. MD5 <xref target="RFC1321"/> |
vector) <xref target="Schneier96"/>. MD5 <xref target="RFC1321"/> |
| 353 |
is used as the message digest algorithm.</t> |
is used as the message digest algorithm.</t> |
| 354 |
</section> |
</section> |
| 361 |
size.</t> |
size.</t> |
| 362 |
|
|
| 363 |
<t>The packet header consists of 20 header sections (specified in |
<t>The packet header consists of 20 header sections (specified in |
| 364 |
<xref target="packet-header"/>) of 512 bytes each, resulting in a |
<xref target="header-section"/>) of 512 bytes each, resulting in a |
| 365 |
total header size of 10240 bytes. The header sections (except for |
total header size of 10240 bytes. The header sections (except for |
| 366 |
the first one) and the packet body are encrypted with symmetric |
the first one) and the packet body are encrypted with symmetric |
| 367 |
session keys specified in the first header section.<figure><artwork> |
session keys specified in the first header section.<figure><artwork> |
| 384 |
+-------------------+</artwork></figure> |
+-------------------+</artwork></figure> |
| 385 |
</t> |
</t> |
| 386 |
|
|
| 387 |
<section anchor="packet-header" title="Packet Header Format"> |
<section anchor="header-section" title="Header Section Format"> |
| 388 |
|
|
| 389 |
<t>Packet layout<figure><artwork> |
<t>Packet layout<figure><artwork> |
| 390 |
[ Public key ID 16 bytes ] |
[ Public key ID 16 bytes ] |
| 393 |
[ Initialization vector 8 bytes ] |
[ Initialization vector 8 bytes ] |
| 394 |
[ Encrypted header part 328 bytes ] |
[ Encrypted header part 328 bytes ] |
| 395 |
[ Random padding 31 bytes ]</artwork></figure> |
[ Random padding 31 bytes ]</artwork></figure> |
| 396 |
|
Total size: 512 bytes |
| 397 |
</t> |
</t> |
| 398 |
|
|
| 399 |
<t>To generate the RSA-encrypted session key, a 24-byte |
<t>To generate the RSA-encrypted session key, a 24-byte |
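Review bot: The section is retitled "Header Section Format" at line 387, but the figure at line 389 is still introduced as "Packet layout", although the new "Total size: 512 bytes" line and the "20 header sections ... of 512 bytes each" text at lines 363-364 show it describes one header section. Rename the lead-in to match, for example "Header section layout". The added "Total size: 512 bytes" at line 396 also sits after </artwork></figure>, so it becomes loose paragraph text rather than part of the figure; move it inside the artwork or turn it into a sentence.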
| 411 |
[ Packet information depends on packet type ] |
[ Packet information depends on packet type ] |
| 412 |
[ Timestamp 7 bytes ] |
[ Timestamp 7 bytes ] |
| 413 |
[ Message digest 16 bytes ] |
[ Message digest 16 bytes ] |
| 414 |
[ padding as needed ]</artwork></figure> |
[ Random padding as needed ]</artwork></figure> |
| 415 |
|
Total size: 328 bytes |
| 416 |
</t> |
</t> |
| 417 |
|
|
| 418 |
<t>The fields are defined as follows: |
<t>The fields are defined as follows: |
| 419 |
<list style="hanging"> |
<list style="hanging"> |
| 420 |
<t hangText="Packet ID">randomly generated packet identifier.</t> |
<t hangText="Packet ID:">randomly generated packet identifier.</t> |
| 421 |
<t hangText="Triple-DES key">used to encrypt the following |
<t hangText="Triple-DES key:">used to encrypt the following |
| 422 |
header sections and the packet body.</t> |
header sections and the packet body.</t> |
| 423 |
<t hangText="Packet type identifier">The type identifiers |
<t hangText="Packet type identifier:">The type identifiers |
| 424 |
are: |
are: |
| 425 |
<texttable> |
<texttable> |
| 426 |
<ttcol align='left' width='20%'>Value</ttcol> |
<ttcol align='left' width='20%'>Value</ttcol> |
| 430 |
<c>2</c><c>Final hop, partial message</c> |
<c>2</c><c>Final hop, partial message</c> |
| 431 |
</texttable> |
</texttable> |
| 432 |
</t> |
</t> |
| 433 |
<t hangText="Timestamp">A timestamp is introduced with the byte |
<t hangText="Timestamp:">A timestamp is introduced with the byte |
| 434 |
sequence (48, 48, 48, 48, 0). The following two bytes specify |
sequence (48, 48, 48, 48, 0). The following two bytes specify |
| 435 |
the number of days since January 1, 1970, in little-endian |
the number of days since January 1, 1970, in little-endian |
| 436 |
byte order. A random number between one and three, inclusive, |
byte order. A random number between one and three, inclusive, |
| 437 |
may be subtracted from the number of days in order to obscure |
may be subtracted from the number of days in order to obscure |
| 438 |
the origin of the message.</t> |
the origin of the message.</t> |
| 439 |
<t hangText="Message digest">MD5 digest computed over the |
<t hangText="Message digest:">MD5 digest computed over the |
| 440 |
preceding elements of the encrypted header part.</t> |
preceding elements of the encrypted header part.</t> |
| 441 |
</list> |
</list> |
| 442 |
</t> |
</t> |
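Review bot: The "Random padding" row that line 414 now names has no entry in the field list at lines 420-440. The message digest is defined as covering "the preceding elements of the encrypted header part" and the padding follows the digest in the layout, so the padding appears to fall outside the digest; add a short hanging entry that says so explicitly rather than leaving implementers to infer it from the field order.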
| 458 |
[ Initialization vector 8 bytes ]</artwork></figure> |
[ Initialization vector 8 bytes ]</artwork></figure> |
| 459 |
|
|
| 460 |
<list style="hanging"> |
<list style="hanging"> |
| 461 |
<t hangText="Initialization vectors"> For packet type one and two, |
<t hangText="Initialization vectors:"> For packet type one and two |
|
the IV is used to symmetrically encrypt the packet body. For |
|
| 462 |
packet type 0, there is one IV for each of the 19 following |
packet type 0, there is one IV for each of the 19 following |
| 463 |
header sections. The IV for the last header section is also |
header sections. The IV for the last header section is also |
| 464 |
used for the packet body.</t> |
used for the packet body.</t> |
| 465 |
<t hangText="Remailer address">E-mail address of next hop.</t> |
<t hangText="Remailer address:">E-mail address of next hop.</t> |
| 466 |
<t hangText="Message ID">Identifier unique to |
<t hangText="Message ID:">Identifier unique to |
| 467 |
(all chunks of) this message.</t> |
(all chunks of) this message.</t> |
| 468 |
<t hangText="Chunk number">Sequence number used in multi-part |
<t hangText="Chunk number:">Sequence number used in multi-part |
| 469 |
messages, starting with one.</t> |
messages, starting with one.</t> |
| 470 |
<t hangText="Number of chunks">Total number of chunks.</t> |
<t hangText="Number of chunks:">Total number of chunks.</t> |
| 471 |
</list> |
</list> |
| 472 |
</t> |
</t> |
| 473 |
|
|
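Review bot: The rewritten "Initialization vectors" entry at line 461 says "packet type one and two" while the next sentence says "packet type 0" and the type table uses numeric values (line 430 shows "2"). Use digits throughout, for example "For packet types 1 and 2,", and keep the comma that the new line drops after "two".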
| 535 |
</t> |
</t> |
| 536 |
|
|
| 537 |
<t>The attributes are listed in one line separated by spaces. Individual |
<t>The attributes are listed in one line separated by spaces. Individual |
| 538 |
attributes must not contain whitespace, and are defined as follows: |
attributes must not contain whitespace, and are defined as follows:</t> |
| 539 |
|
<t> |
| 540 |
<list style="hanging"> |
<list style="hanging"> |
| 541 |
<t hangText="identifier">A human readable string identifying the |
<t hangText="identifier:">A human readable string identifying the |
| 542 |
remailer</t> |
remailer</t> |
| 543 |
<t hangText="address">The remailer's Internet mail address</t> |
<t hangText="address:">The remailer's Internet mail address</t> |
| 544 |
<t hangText="key ID">Public key ID</t> |
<t hangText="key ID:">Public key ID</t> |
| 545 |
<t hangText="version">Software version number</t> |
<t hangText="version:">Software version number</t> |
| 546 |
<t hangText="capabilities">Flags indicating additional remailer |
<t hangText="capabilities:">Flags indicating additional remailer |
| 547 |
capabilities</t> |
capabilities</t> |
| 548 |
<t hangText="validity date">Date from which the key is valid</t> |
<t hangText="validity date:">Date from which the key is valid</t> |
| 549 |
<t hangText="expiration date">Date of the key's expiration</t> |
<t hangText="expiration date:">Date of the key's expiration</t> |
| 550 |
</list> |
</list> |
| 551 |
</t> |
</t> |
| 552 |
|
|
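Review bot: Lines 538-539 now close the paragraph after "defined as follows:" and open a new <t> for the list, but the same construct is left as a single <t> at lines 418-419 ("The fields are defined as follows:") and at lines 638-639. Apply the split to all three or to none so the rendered spacing is consistent. "human readable" on line 541 should also be hyphenated.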
| 637 |
commands. These commands are sent via the Subject: line of an e-mail to |
commands. These commands are sent via the Subject: line of an e-mail to |
| 638 |
the email address of the remailer: |
the email address of the remailer: |
| 639 |
<list style="hanging"> |
<list style="hanging"> |
| 640 |
<t hangText="remailer-help">Returns information about using the |
<t hangText="remailer-help:">Returns information about using the |
| 641 |
remailer. The remailer may support a suffix consisting of a |
remailer. The remailer may support a suffix consisting of a |
| 642 |
dash and a two-leter ISO 639 country code. For example, |
dash and a two-leter ISO 639 country code. For example, |
| 643 |
remailer-help-ar will return a help file in Arabic, if |
remailer-help-ar will return a help file in Arabic, if |
| 644 |
available. Supported languages should be listed at the |
available. Supported languages should be listed at the |
| 645 |
beginning of the "remailer-help" response.</t> |
beginning of the "remailer-help" response.</t> |
| 646 |
<t hangText="remailer-key">Returns the remailer's public key as |
<t hangText="remailer-key:">Returns the remailer's public key as |
| 647 |
described in <xref target="key-format"/>. It may also return the keys and attributes |
described in <xref target="key-format"/>. It may also return the keys and attributes |
| 648 |
of other remailers it knows about.</t> |
of other remailers it knows about.</t> |
| 649 |
<t hangText="remailer-stats">Returns information about the number |
<t hangText="remailer-stats:">Returns information about the number |
| 650 |
of messages the remailer has processed per day.</t> |
of messages the remailer has processed per day.</t> |
| 651 |
<t hangText="remailer-conf">Returns local configuration |
<t hangText="remailer-conf:">Returns local configuration |
| 652 |
information such as software version, supported protocols, |
information such as software version, supported protocols, |
| 653 |
filtered headers, blocked newsgroups and domains, and the |
filtered headers, blocked newsgroups and domains, and the |
| 654 |
attribute strings for other remailers the remailer knows |
attribute strings for other remailers the remailer knows |
| 655 |
about.</t> |
about.</t> |
| 656 |
<t hangText="remailer-adminkey">Returns the OpenPGP <xref target="RFC2440"/> |
<t hangText="remailer-adminkey:">Returns the OpenPGP <xref target="RFC2440"/> |
| 657 |
key of the remailer's operator.</t> |
key of the remailer's operator.</t> |
| 658 |
</list> |
</list> |
| 659 |
</t> |
</t> |
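Review bot: Line 642 still contains the typo "two-leter"; correct it to "two-letter" in the same pass that edits the hangText on line 640. Lines 637-638 also spell the word two ways in one sentence ("an e-mail to the email address"); pick "e-mail", which is what the rest of the visible text uses.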
| 752 |
intervals should not be smaller than the randomness in the delay caused |
intervals should not be smaller than the randomness in the delay caused |
| 753 |
by trusted remailers.</t> |
by trusted remailers.</t> |
| 754 |
|
|
| 755 |
<t>There is no anonymity if all remailers in a given sequence collude with |
<t>There is no anonymity if all remailers in a given chain collude with |
| 756 |
the adversary, or if they are compromised during the lifetime of their |
the adversary, or if they are compromised during the lifetime of their |
| 757 |
keys. Using a longer sequence increases the assurance that the user's |
keys. Using a longer chain increases the assurance that the user's |
| 758 |
privacy will be preserved, but at the same time causes lower |
privacy will be preserved, but at the same time causes lower |
| 759 |
reliability and higher latency. Sending redundant copies of a message |
reliability and higher latency. Sending redundant copies of a message |
| 760 |
increases reliability but may also facilitate attacks. An optimum must |
increases reliability but may also facilitate attacks. An optimum must |
| 838 |
|
|
| 839 |
</section> |
</section> |
| 840 |
|
|
| 841 |
<section anchor="examples" title="Examples"> |
<section anchor="examples" title="Examples"> <!-- XXX --> |
| 842 |
|
|
| 843 |
<t>This section contains a sample message and a sample key file</t> |
<t>This section contains a sample message and a sample key file</t> |
| 844 |
|
|
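Review bot: The "<!-- XXX -->" marker added to the section title at line 841 does not say what is outstanding. Replace it with a comment that names the open item, or remove it before the draft is published. The sentence at line 843 is also missing its final period.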