At 04:03 PM 2/9/01 +0100, Tom wrote:
If Bob doesn't want legal problems because of Alice, it's safer if he doesn't tell Alice, or at least doesn't do anything different for Alice than he would for any other customer.
that's the problem. so how does alice know if bob doesn't tell?
Some options: - Bob is running the "We Mirror Everything" site - "We Mirror Things for Politically Sympathetic People" - "We Mirror Things Unless we sent you a rejection notice" - (back when Cypherpunks believed there would be digicash Real Soon) Alice sent Bob some anonymous digicash to pay for storage - Alice sent Bob some non-anonymous payment outside your threat model - Bob is a random user running a Napster-like space-sharing protocol, and Alice sent mail to Bob1, Bob2, Bob3, etc. hoping one will work - Bob used a non-direct response method, like posting a receipt to Bob's web site or some random free web site or Usenet acknowledging receipt of "Some-Package-ID" which isn't easily identifiable as being Alice's. Maybe the Package-ID is a token sent along with the package, or a timestamp, or maybe your threat model doesn't mind the receipt being hash(hash(hash(hash(Package)))), which is some hash of the package-retrieval token. Thanks! Bill Bill Stewart, bill.stewart@pobox.com PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639