Lucky (wearing his MTB hat) writes:
So when will the user pay with a wildcard coin? To make a payment to a party that is (pseudo-) anonymous to the payor. That is, if the payor sends the payment via anonymous remailer, in which case the messages should be encrypted anyway.
[Why a remailed message should be encrypted is left as an exercise to the reader.]
I don't think that's axiomatic. To be clear, I'm _not_ talking about encryption using the public keys of the remailers in a chain. I certainly do not wish to dispute the advantages of using those. But such encryption is just a form of link encryption. It doesn't prevent the final remailer (or anyone between the last remailer and the recipient) from altering the plaintext payor_id. It seems to me that end-to-end encryption is not significantly more important for remailed messages. Really, there's less information in the message when it emerges from the last remailer, so there's less to protect than in the ordinary case. Furthermore, it may not even be feasible, since I may not have a public key I can associate with my correspondent. -Futplex <futplex@pseudonym.com>