At 9:32 AM 11/15/1996, Adam Shostack wrote:
To answer the technical end of your question, you could build a DC net where joining required a signed key, or build a mix which will only accept messages signed by a member of the group. If the mixmasters all agree to only accept messages signed by the group, then each mixmaster can be made a member of the group, and sign its outbound messages as being recieved with a signature, allowing anonymous chaining.
I'll have to research this. Thank you for the idea. What I would really like to see is a way in which the "shields" are not required to participate at all, other than by publishing their public key. If terrorists are involved, they may not wish to be on the suspect list. I've been toying with schemes that multiply the Ns from everybody's public key to create a new semi-anonymous public key. The only problem is that in each case either identity is revealed or the person seeking semi-anonymously reveals their secret key. So, I am not quite there. ;-) Peter Hendrickson ph@netcom.com