There have been quite a few responses to the email I posted the other day regarding pay-per-use remailers. I'm going to try to follow up on all of them in this one message. First of all, the fact that I brought up the topic of pay-per-use remailers shouldn't be interpreted to mean that I think that is what needs to be done next in improving the remailer network. As I told those of you at the last cypherpunks meeting, there are more immediate concerns and necessary improvements to be made. Ryan Lackey, Steve Schear and Mr. Melon covered some of the big ones in one of their recent posts. However, I don't think it is a bad thing to be discussing digital cash remailers, since I am convinced that they are an eventual necessity. Anonymous and Meyer Wolfsheim pointed out that the tracking idea doesn't depend on digital cash, and that one could use a nonce for that purpose. Yes, this is certainly true -- I was interested in hearing thoughts on the feasibility of hearing them together. (It seems to me that combining the two will give additional benefits, such as the ability for the user to re-use tokens from the latter part of a chain if the message dies in the former part of a chain, etc., etc.) While I new that the pay-per-use remailer model I was describing had been demonstrated many times before, I hadn't been aware that John Gilmore had proposed a similar system reliability tracking system. I'd appreciate pointers to that so I can read it. Anonymous claimed that I contradicted myself in my description of the remailer tokens. Let me clarify: rather than being an openly traded currency, like dollars, the only people who need to be able to turn remailer tokens back into "real cash" are remailer operators. Expect a money-changing fee as well. (BTW, I prefer the term "remailer stamps" than "remailer tokens." I think users will understand this better.) There could certainly be multiple mints, as Tim points out, and remailers could be their own mint. I suspect some remailers would go this route to eliminate the money-changing fees, but I was simplifying for my description. Meyer and Ryan bring up the point that buying tokens/stamps from a "remailer stamp vendor" would identify one as a remailer user. I pointed out in my original message the necessity of a "crowd" of remailer users, but I'm surprised to see this as a real objection. Mix-nets are designed to work against an opponent who can see all network traffic, and in that scenario, everyone who is a remailer user is already identified. Don't forget this. Publishing failure notifications with sender-provided keys, as Steve Schear suggests, seems likely to have large implementation and usage hurdles. (A separate user's public key for each remailer in the chain would have to be sent along with each message, and managing this would become quite difficult for the user.) Ryan discusses some of the things needed to run a remailer. One of the things on his list is "a fuck the law attitude". Frankly, it doesn't matter what your attitude is, how much hardware you have, etc, if your ISP will shut you down under pressure because of complaints. Even if DSL is technically sufficient to run a remailer, being a DSL customer is not. Not everyone hosts their remailer server in a data center known to fire warning shots at approaching military vessels. Greg Broiles is nobody as far as Speakeasy is concerned, and shutting him off was a simple solution to the abuse complaints they were receiving. Had he been a leased line or collo customer, the situation would probably have been different. Additionally, Ryan has a list of "what remops want." I suspect that varies greatly by remop. He completely missed my personal motives for operating mine. Ryan is taking the stance that we need "better, not more" remailers. I tend to agree, but I can't see many companies spending a lot on their remailers if there isn't a source of revenue. On the mixmaster-devel and remops lists, we've been discussing the needed improvements to Mixmaster and remailers in general a lot recently. I won't go over them here. If you're interested, join the discussion on the mixmaster-devel list. One thing that hasn't been mentioned a lot, but that Ryan touched upon just now, is better two-way communication. We need a good nym system, and reply-blocks don't cut it. In conclusion, I leave you with a question: if remailer users are reduced to a small number of high-paying remailer customers for whom anonymity is not a game, but a matter of life or death, could a mix-net be made to provide any sufficient degree of security? "No" is the easy answer. Say yes, and prove it. --Len.