:Lance Cottrell writes: : :> I have been meditating on this problem of return :> addresses, and have a proposal. The remailers :> can not be allowed to choose the return path, :> as any corrupted remailer will corrupt the rest :> of the path. : Jim Miller writes: :As I understand it, the remailers don't "chose" the return path, Bob (the :sender of the original message) choses the return path when he creates the :SASE. All the remailers do is interpret the part of the SASE that becomes :readable to them after decrypting the SASE portion sent to them from the :previous hop. If all is working, what becomes readable is the address of :the next hop (closer to Bob) and some misc other stuff (postage, maybe, :and perhaps another encryption key). : :Am I not understanding something correctly? : :Jim_Miller@suite.com : One SASE scheme recently suggested involved sending a request for a SASE to a ramailer, stating the number of jumps required. It then sent it to another remailer, and so on. Each adding a layer, and eventually sending the results to the desired correspondent. I mentioned that if the first remailer was corrupted, that the whole chain was (it would only send to other corrupt remailers). ---------------------------------------------------------- Lance Cottrell who does not speak for CASS/UCSD loki@nately.ucsd.edu PGP 2.3 key available by finger or server. "Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche ----------------------------------------------------------