The Other Lance writes:
This will not work if Yancy is not trustworthy. She could then send the message through a chain of compromised remailers, to create the prepaid mailer packet. This would also happen, though less harmfully, any time the chain hit a bad node. Letting the nodes choose the other nodes is fatal. ---------------------------------------------------------- Lance Cottrell who does not speak for CASS/UCSD
Good points, and I'm sure there are other weaknesses and points of attack. Zeke may be able to mitigate the risks somewhat by providing Yancy with an acceptable list of remailers, ones he trusts. Cut-and-choose, etc. Or his prepaid mailer may split the message into n pieces, for added resistance to compromise. The main thing I wanted to get across with reopening the debate on this (and if it inspires Eric Messick, this will be reward enough) is that the web of remailers may have many modes of use. Some in which the nodes are known and named and the sender picks a route to the receiver, others in which the receiver picks the route and arranges for this kind of "prepaid mailer" which the sender simply drops into the system. The use of pools makes this more elegant, I believe. Some messages could be copied out of these pools (or "digital dead drops," in crypto-spy lingo) and then routed onward. Thanks for the comments! And, again, I really wish we had some blackboards to iron out some details and fix whatever flaws pop up. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power:2**859433 | Public Key: PGP and MailSafe available.