-----BEGIN PGP SIGNED MESSAGE----- People asked in earlier in this thread how remailers could issue digital postage stamps without being able to know who is using which stamp issued. One obvious approach is to use blind signatures. Rather than issuing a stamp to the user who requests/purchases it, the user could send an unsigned stamp, encrypted in an RSA envelope, to the remailer. The remailer would then blind-sign the envelope and return it to the user. The user then decrypts the envelope and has a stamp ready for use. At the time of use, the remailer checks the signature. If it is valid, it checks to see if the stamp has been used before. If so, it forwards the message to /dev/null; if not, it records the stamp (or perhaps a hash of the stamp) in its database. How does the remailer know that it is signing a stamp rather than (say) money orders, or a confession of sending kiddy porn over the net? The textbook answer is to use a cut-and-choose protocol -- which requires some subsequent communication with the user. But I'm not convinced that this is necessary. If the remailer's postage key is used only for postage and known to be used only for postage, then tricking it into signing something else would have the same significance as "signing" a paper check with the Pitney-Bowes postage meter. I'm assuming that the postage stamp would look something like: - -----BEGIN POSTAGE STAMP----- Kibo's remailer <remailer@happy.net> 3FA610092DB3FE12554AE98F66705601 - -----END POSTAGE STAMP----- where the random bits are generated by the user prior to submission to the remailer. (Actually its appearance would be implementation-dependent, of course.) This is all cryptology 101, of course, but hey, it's a start. - -- Alan Bostick | He played the king as if afraid someone else Seeking opportunity to | would play the ace. develop multimedia content. | John Mason Brown, drama critic Finger abostick@netcom.com for more info and PGP public key -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQB1AwUBMQPF+uVevBgtmhnpAQEgAQL/aYgGUvvW4jTLSnqxheid006I85sUdk2H l4GxtjW7obMI8rZ0c4kEYsXHnbDyFaREOpSjhSDzeqV2pkogesea0j/xXRqM7UQ3 hG5NBc56Nhr78+hqIOuyo3t6RaRjXi75 =qYXn -----END PGP SIGNATURE-----