I wonder if full crypto anonymity as we envision it will be stable? I'm very concerned about the problem of anonymous users intentionally flooding the network with garbage in order to bring it to its knees. Current practice, in the non-anonymous world, is to trace excess traffic to its source and stop it from being generated. This will no longer be possible when true anonymity is available. This would particularly be a problem if a remailer is willing to forward an incoming message to more than one destination. In that case, by sending a single anonymous message, a saboteur could generate an exponential amount of net traffic. This would be bad. Two basic precautions for a remailer to take are 1. To require a 1-1 correspondence between input and output messages. 2. To require that the address portion of the message shrink at each step (preventing infinite loops). If this is done, then the saboteur's original message can be at most n-fold replicated, where n is the maximum number of remailer hops allowed. However, I still have some fundamental concerns that an anonymity-based system is vulnerable to flooding and denial of service by the bad guys, including Big Brother, who may wish to prevent effective use of such systems. This may make operating a remailer a difficult proposition. I'm discouraged. Any thoughts? -- Marc Ringuette (mnr@cs.cmu.edu)