Hal Finney writes:
I think this is an interesting theoretical discussion, although it's not clear whether it is actually a good idea to try implementing this.
Yeah, I just floated it as a trial balloon of sorts. It seemed like a way to "harden" the list somewhat without forcing users to go to full encryption. I had a few extra brain cells to burn off yesterday. Your points are entirely correct, though: you have to trust the list admin, and you have to have some faith in the Majordomo software not to retain your ID once it generates your token. The usual eavesdropping concerns remain as well. [snip]
An alternative similar to what I proposed earlier is for majordomo to provide a blinded token, one which it doesn't see. This would be used specifically for anonymous postings.
In your scheme, I presume one would get a blinded token (in an encrypted message) when subscribing, and postings from non-subscribers would be checked for a valid token? (Please correct me if I'm wrong. . .)
It does have the problem that it allows linking postings by the same pseudonymous nym - all will have the same token. But maybe we want to encourage that.
Probably not the worst thing in the world.
(The full proposal I made involved use-once tokens, just like online digital cash, so that there would be no linkage and it would allow real anonymity.)
Hmm, an interesting tie-in. Maybe one could "buy" tokens to post anonymously? It'd give new meaning to the phrase "putting your money where your mouth is." :-) Thanks for the feedback! (returning to lurk mode now. . .)