On Thu, 5 Oct 2000, Ralf-Philipp Weinmann wrote:
One variation of the original proposal would be to only allow egress to addresses known to lay in a jurisdiction different from the one in which the remailer resides. I know, the problem is nontrivial with all the dotcom addresses and such around. Does doing a DNS lookup and working on IP addresses help?
Nope. Unfortunately it does not. Deriving the geographical location from an IP address and a DNS name is not always feasible.
But actually the problem, here, is less one of pinpointing the location than of trying to ensure that the location is far enough away. I think some careful thinking in terms of the current BGP aggregation scheme should help at least a little.
which could be reversed to get to the geographical location, however it will not always be readily apparent how it works.
How about trying to automate this process? Using the remailer IPs and possibly some others as well known geographical 'beacons' and utilizing routing aggregation to get parts of the address space that are sure to be close to the remailer and hence 'dangerous'. I think geographical information at the level of nations is at least somewhat reflected in the allocation of IP addresses - it wouldn't seem sensible to allocate IP addresses for two different countries from a single pool.
What one could do however is have the remailer pass on every message which has a recipient address that is *known to be in a jurisdiction that is different from the remailers*.
And pass those that are known to be in the same.
You will not be able to reach each and every target then, but at least it's better than nothing.
If this sort of egress filtering (or any variant of the original scheme proposed) seems useful, why not develop some protocol/uniform data format to acknowledge the limitations of a given remailer. Type 2 remailers even have the necessary public key infrastructure in place to sign such extra data.
On the other hand I remember that the Curch of Scientology was able to have an impact on anon.penet.fi despite the fact that this remailer was outside of US jurisdiction. Maybe we have to come up with a list of "incompatible" jurisdiction systems to avoid this sort of thing from happening again.
The anon case was perhaps a bit different - provided that a remailer is well maintained, cpunk remailer maintainers can display that no data is retained on where different messages originated or were posted to. I do not think even CoS could have shut anon.penet.fi down. Sampo Syreeni <decoy@iki.fi>, aka decoy, student/math/Helsinki university