-----BEGIN PGP SIGNED MESSAGE-----

hughes@ah.com (Eric Hughes):
The automatic broadcast property of Usenet is profoundly broken for the long run, since there is no upper bound on the amount of resources required. More immediately, this property also requires a 100%
One can only reach the conclusion that Usenet is broken if one assumes that the remailers _aren't_. The automatic broadcast property of Usenet is not a problem if you can always determine the source of a message. This isn't an argument against anonymity, but just saying it's a little backwards to say that Usenet has to be redesigned because it doesn't work with the remailers. Why not use technology to solve a technological problem?

The difficulty here is that it is impossible for any one remailer operator to prevent someone, say LD, from using the remailer system. The best he can do is stop LD from using his site as an entry point. So why not introduce a little cooperation among operators? This can be accomplished without collusion of the sort that would break anonymity.

Pretty much all the remailer operators are 'punks, right? If a critical mass of operators get together and agree to block a standardized set of sources and destinations, then that group of operators will have enough pull to force the other operators to toe the line. The trick is to block messages from remailer _operators_ who refuse to agree to behave as part of the community, effectively isolating the wildcats. An isolated remailer is useless. Should be easy enough to work out -- a posted alert PGP signed by any two remailer operators is immediately implemented, no questions asked.

Remailer scripts should include blocking by source, destination, or _content_, as in posts on a certain subject to a certain newsgroup. This would allow blocking of a nutcase using encrypted hops to post to Usenet without having to collude and blow his anonymity. Just say "Sorry, due to abuse of the remailers, we're not going to forward messages about the creatures from Uranus using microwave mind-control any more". This is a complicated idea in a general case, but scanning for subject lines, for instance, could be implemented as easily as scanning for destinations.

What we have now is a bunch of single remailers. It's a very small step to create a cooperative group of remailers, and it would provide avenues for solutions to a lot of the potential problems. This is not perfect, but it's better.

tytso@ATHENA.MIT.EDU (Theodore Ts'o):
Lance is, unfortunately, pointing out some huge, gaping holes in the current architecture of the Cypherpunks remailers. It would be good if
LD is smart enough to know that you _chain_ remailers for anonymity. I think he wanted us to know it was him, and wanted to see whether or not Hal would blow his anonymity when it came down to it.

-- Will

-----BEGIN PGP SIGNATURE-----
Version: 2.3

iQCVAgUBLWCOLPfv4TpIg2PxAQHOCgP9E2Q4R6ngHIeIv/IPePhcFqJgDaA8B4OO
CDS0akeyVXZXMB5b5nCGY2Q0b52LcSHnzUlJ0N/o1COjVNLADNOlcF2k9BcBYUuC
cqSWy1fJlx4lwd3P2kMgtk8v+pLHlVLJ4riopp2RXgLVfsesw8aJWOdSBf3bA7ft
cBxNJhcI9t8=
=BycG
-----END PGP SIGNATURE-----
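
Added example, not part of the original message and not code from any actual remailer: a sketch of the cooperative blocking proposed above, where an alert takes effect only when two distinct operators of the group have signed it, and a rule can match on source, destination, newsgroup or subject. The class, the rule format, the operator IDs and the sample messages are all assumptions made for illustration, and PGP verification of the alert is assumed to have been done by an external tool.

```python
from email import message_from_string

# Rule keys (hypothetical format) mapped to the headers they are matched against.
FIELDS = {"source": "From", "destination": "To",
          "newsgroup": "Newsgroups", "subject": "Subject"}

class CooperativeBlocklist:
    def __init__(self, operators, threshold=2):
        self.operators = set(operators)   # operators in the cooperating group
        self.threshold = threshold        # "signed by any two remailer operators"
        self.rules = []

    def apply_alert(self, rule, verified_signers):
        """Install a rule if enough distinct group members signed the alert.

        verified_signers: key IDs whose PGP signatures over the alert were
        ALREADY verified by an external tool (assumption of this sketch).
        """
        if not rule or set(rule) - set(FIELDS):
            return False                  # an empty rule would block everything
        if len(set(verified_signers) & self.operators) < self.threshold:
            return False                  # duplicates and outsiders do not count
        self.rules.append({k: v.lower() for k, v in rule.items()})
        return True

    def should_forward(self, raw_message):
        """False if any installed rule matches on ALL of its fields."""
        msg = message_from_string(raw_message)
        for rule in self.rules:
            if all(pat in (msg.get(FIELDS[k]) or "").lower()
                   for k, pat in rule.items()):
                return False
        return True

# Constructed sample data (operator IDs, addresses and messages are made up).
GROUP = {"op-a", "op-b", "op-c"}
CONTENT_RULE = {"newsgroup": "sci.example", "subject": "mind-control"}
ABUSIVE = ("From: anon@remailer.example\nNewsgroups: sci.example\n"
           "Subject: Microwave MIND-CONTROL from Uranus\n\nbody\n")
ON_TOPIC = ("From: anon@remailer.example\nNewsgroups: sci.example\n"
            "Subject: Remailer latency numbers\n\nbody\n")

if __name__ == "__main__":
    bl = CooperativeBlocklist(GROUP)
    print(bl.apply_alert(CONTENT_RULE, ["op-a"]))          # one signer only
    print(bl.apply_alert(CONTENT_RULE, ["op-a", "op-c"]))  # two group members
    print(bl.should_forward(ABUSIVE), bl.should_forward(ON_TOPIC))
```

The content rule matches only headers, so it never needs to know who sent the message through the earlier encrypted hops.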