---------- From: Jim Choate[SMTP:ravage@ssz.com]
On Tue, 3 Oct 2000, Trei, Peter wrote:
I would like to suggest that a remailer could eliminate nearly all it's problems by only sending out encrypted mails - that is, if after removing the encryption that was applied using it's own private key, it finds that the result is plaintext, it simply drops the message.
And just exactly what algorithm is that you're using to determine crypt-v-plaintext?
Ain't no such beast and won't be until somebody comes up with nearly infallible translation technology. We're closer to quantum computers and making the whole thing moot than we are to having near-flawless translation technology.
If a bullfrog had wings, it wouldn't bump its butt when it jumped.
And let's not forget the key managment problem if remailers impliment such a policy. Without a secure key management scheme then the 'encrypted body' approach won't work because Mallet has the keys.
Key management and a billing model are what is required to make anonymous remailers work.
Jim: We're talking about ways to prevent some of the abuse to which remailers are subject. Not sending out plaintext gets rid of spam, any suggestion that the remailer knows the content of the message, and makes sure that the recipient is a crypto-clueful person. I'm *not* talking about the remailer re-encrypting a message before it's sent off to the recipient. I'm talking about the original sender encrypting the message all the way to the recipient, so the remailer only sees a 'next address' and an encrypted blob. Your note indicates that you have failed to appreciate this simple point. -----BEGIN PGP MESSAGE----- Version: N/A pgAABOL1Mtkh7VXcUuV8Zp8wI5sUCB/qMHZVGHKiaP7uvZhsBjoh13Pvsg6FFxES Yes+its+possible+to+disguise+plaintext+as+cryptotext+but+all+the remailer+really+has+to+do+is+make+sure+that+the+message+being+++ sent+out+complies+with+one+of+the+various+ascii+armouring+++++++ formats+If+so+you+can+be+sure+that+the+message+cannot+be++++++++ confused+with+anything+that+looks+like+regular+plaintext++++++++ GPKInIcic85IcxhTBf1RSSaY9Jbpokwrc3mhFst22kEfm0FcLZCgDuZFCgg+5GLn 9YGBtzNT1A== =5wNL -----END PGP MESSAGE----- This won't solve every problem, but it will solve many, and make running a remailer a much easier choice. BTW, how would you do key management and billing in a system which is supposed to be anonymous? My suggestion could be implemented tommorrow . How long would yours take? Read more carefully before you post. Peter Trei