On Wed, 22 Aug 2001, techt wrote:
> On Sat, 18 Aug 2001 07:45:45 Peter Palfrader wrote:
> > On Thu, 16 Aug 2001, Henrique de Moraes Holschuh wrote:
> > > > - There should exist the possibility to send "anonymous" email.
> > >
> > > You'll probably need to deploy a chain of suitable email hubs
> >
> > Using mixmaster remailers provides good security if used correctly and
> > the public remailers can be trusted.
>
> I have to agree with the use of Mixmaster. I've used it myself in
> the past and have found it easy to both set up and use. There is a problem
> with Mixmaster being non-free. The source is free but it uses the IDEA
> algorithm which is patented. The patent on IDEA doesn't expire until 2007
> I think. Perhaps an avenue to check would be to ask the patent holder if
> they would allow IDEA to be used freely in a human rights environment.
> Couldn't hurt to try. Would this satisfy the requirements for inclusion
> under free software in Debian?
No it would not. And IDEA is not the problem.
Mixmaster 2.9 (the betas for 3.0 - to be released when Debian is
at 9.something or so) is non-free. The licence[0] requires you to
| (iii) provide Anonymizer Inc. with a copy of the Source Code of
| such modifications or work by electronic mail, and grant
| Anonymizer Inc. a perpetual, royalty-free license to use and
| distribute the modifications or work in its products.
which is no problem as long as Anonymizer exists. But as soon as they
cease to exist you can no longer legaly distribute your changes. So
the mix 2.9 license is not DFSG free (3: Derived Works). It could
also be argued that it discriminates against persons or groups not
beeing Anonymizer Inc. but I think that's rather weak.
Mixmaster 2.0 is GPL and is - to my best knowledge - completely free
of patents. RSA is free since Sep 20th last year and IDEA is not needed
as mix2.0 implements a Type II remailer only. Mix2.9 implements both -
Type I (pgp) and Type II (mix).
As a (middleman) remailer mix2.0 has some nice features that 2.9 lacks
(although non-official patches exist to fix 2.9 in this regard).
In client mode for a multi-user system I would still recommend 2.0 too.
It lacks the interactive mode and so can be set suid a mix user. This
way several people can share one pool directory which is imo a good
idea.
[Unfortunatly both 2.9 and 2.0 were not really written for multi user
systems. I would expect from a mixmaster package that
the remailer keys and stats are configured system-wide
(say /var/lib/mixmaster) but can be override by the user (~/.mix/ ?).
The user should have the option to either send their mail immediatly or
to add it to this system's message pool.
Also the keys and stats list would need to be updated periodically (ever
day or every other day) either by pinging remailers directly or fetching
stats from some ftp|web|finger service. ]
yours,
peter
0. ftp://mixmaster.anonymizer.com/COPYRIGHT
--
PGP signed and encrypted | .''`. ** Debian GNU/Linux **
messages preferred. | : :' : By professionals,
| `. `' for professionals
http://www.palfrader.org/ | `- http://www.debian.org/
Attachment:
pgpPnaVrMsixl.pgp
Description: PGP signature