Jim Dixon: | In message <199408051528.LAA18523@cs.oberlin.edu> Jonathan Rochkind writes: | > You seem to be talking about a Julf-style anon system, where the system | > knows who you really are. If the system is corrupt, if Julf were an | > NSA agent, then the entire system is compromised and useless. | | If you are using unmodified Internet hardware and TCP/IP as the underlying | transport system, then your point of entry into a remailer network | definitely knows which machine is originating a message and the point | of exit definitely knows where it is going. IP is not reliable & trustworthy. It it was, RFC931 ident servers would be useful. ;) Theres source routing to make packets appear to come from someplace else, and there is outright forgery, which has limits, but can work quite well. For a good discussion of some of TCP/IP's reliability & trustworthyness, see Steve Bellovin's paper, research.att.com:/dist/internet_security/ipext.ps.Z An aside: Does anyone care to share thoughts on IPng's security features? Adam -- Adam Shostack adam@bwh.harvard.edu Politics. From the greek "poly," meaning many, and ticks, a small, annoying bloodsucker.