XPost: alt.privacy.anon-server, sci.crypt
From: bounce.me@oc2mx.net
Yamn2 Remailer wrote:
> Stefan Claas wrote:
> > Anonymous User wrote:
> > > Stefan Claas wrote:
> >
> > > > With YAMN's security flaws you can be easily de-anonymized.
> > >
> > > Which security flaws? You don't think of Internet I/O which anyhow has
> > > to be handled by specialized communication software like OmniMix?
> >
> > First of all, Zax should IMHO seperate the client form the remailer
> > code, so that users can focus on one program.
>
> Doesn't look like a problem for OmniMix.
But who uss OmniMix? Only a handful of a.p.a-s users which
is not the global majority of remailer users.
>
> >
> > I do not use OmniMix, so I can't speak for it.
>
> So you stir up hatred against it though you're not competent
> talking about it. That paints a queer character.
With using I mean regularly, soory. I have tested a couple of times
of course too.
> > YAMN has the following security flaws:
> >
> > a) It does not want onion addresses to been used in the MX code
> > and Zax should really tell us why!
>
> With its advanced delivery strategy OmniMix does a much better
> job in forwarding remailer packets than any remailer packet
> encoder could ever do.
See above.
> > b) Users new to remailing with YAMN, see only at his repository
> > minimal configuration files, which are of not much help, IMHO.
>
> Users new to remailing should use a GUI like OmniMix or QS/L.
> There's so much that can go wrong. And all that copying &
> pasting is boring and prone to errors. Fortunately there's no
> reason to reinvent the wheel and learn command line commands.
No, they use what they see at GitHub and elsewhere.
> > But the problem is, if you do not look close at his source code
> > IIRC in config.go, the YAMN client, when set-up not properly,
> > with socat, can and does bypass your Tor settings in socat and
> > sends via clearnet to mixmin, filling up his log files and then
> > crashing his server. Remops know that when analyzing MTA logs
> > that they include the IP address from the originating client, if
> > Tor is bypassed, and to whom the email goes. *That is definetily
> > an absolute no-go* and Zax should explain to us why he coded it
> > that way for client usage, if users are unaware of this! I am
> > talking of the internal MXRelay = true setting, which should
> > be by default set to false in his source code. Mixmaster IIRC
> > does not do this.
> >
> > c) Zax should better use Go's proxy package for a seperate
> > YAMN client, so that stats and pub keys can be fetched via
> > Tor and also remailing is done via Tor.
>
> OmniMix does all this on its own.
See above.
>
> But with YAMN Steve did a great job in packet creation fixing
> known Mixmaster flaws and moving to more stylish crypto
> algorithms. The rest is of minor importance.
You mean this theorethic Ritter's tagging attack?
> You as a Linux guy should be accustomed to task separation with
> a GUI integrating all of those components? OmniMix is just
> that.
Please don't repeat the OmniMix usage.
> > He should really tell us all, what has driven him to not
> > like onions, which can be seen IIRC in mail.go.
> >
> > YAMN in it's current form tells me unfortunately that you
> > must rely on the old a.p.a-s saying "trust nobody" :-(
> >
> > Hence the reasone I released yamn-proxy. :-)
>
> But a properly configured MTA would do it as well.
An MTA has nothing to do with what I have described and Zax
owes us an explanation.
--
https://tilde.club/~pollux/
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)
|
