On Fri, 12 Jan 1996 22:25:53 GMT, I wrote:
The remailer could calculate a hash for the body of each encrypted message received (the same portion which will be decrypted by PGP), tabulate the last few thousand hashes, and simply discard any messages with a duplicate hash. The target of the attack would receive only the first copy of the message.
To refine this a bit further, the hash need not cover the entire message. It could be sped up a bit by restricting it to the header containing the encrypted session key. Since the session key is selected randomly, that header (and its hash) should be unique for every message. The hash values could also be retained for a fixed period of time -- perhaps 23 hours -- following the most recent receipt of a given hash. Thus a message could be repeated by the legitimate sender after a delay of 24 hours, and would be forwarded. The original sender could re-encrypt the message (thus changing its hash) earlier than that, and it would be properly forwarded. A canned message on the other hand, being sent from multiple locations, would likely be received more often than this and not forwarded after the first time, even if each sender only sent it once a day. You could even penalize messages for which you've received massive dupes, by extending the hash retention time by, say, 12 hours for each dupe received. If you got a message 100 times in one day, you'd refuse to forward any duplicates for nearly 2 months. This would take care of those on vacation at the time of the original attack, and those with very slow news feeds.