One last note about practicality. We live in a world with pay telephones, which anyone may use to threaten anyone else, anonymously. Shall we eliminate pay phones? Today in the United States, a uniformed agent of the government will deliver your anonymous threat to your victims door for only US$0.29. Shall we eliminate the Postal Service?
This is different than anonymous remailers currently. Why? Because pay phones and letters *cost* *money*. So, I have a proposal. Have someone *sell* signed keys, for real money. The only purpose of the signature is so that someone can verify that it's been paid for. It can be bought out of band. For example, I can email the signing agent my public key, and paper-mail a money order with no return address. Maybe in the future, we can just use digital money. When he gets my money, he signs my key and sends it back to me, possibly via some remailer or whatever. Now, when I send a message via a remailer, the mailer checks to see if the message has been signed by a key which has been signed by the key signing agent. If it has been, then it forwards the mail. If not, it doesn't. Now, here's the trick. If too many people complain about a particular sender (see below), the key gets revoked by the signing service. This means flooding newsgroups, slander, etc., *costs* *real* *money*. This is a big encouragement not to abuse the net, because it costs money. Perhaps we even have different levels of signing, based on costs. Pay $1, and the remailers will let you send to alt groups only. Pay $10, and you can send to alt, soc, misc, talk, and some set of high-traffic, low-signal lists. Pay $100, and you can post anywhere, including individuals. These are all example numbers, of course. - People can easily remain pseudonymous. - There is a monetary incentive not to be a bonehead. - Revocation is possible. There's no punishing wrongdoers, but people aren't likely to put much credence behind anonymous claims. - This works like the Real World. People with enough money can create false identites for themselves, anyway. - Remailer owners can choose which signing agents to trust. Other than monetary schemes might be able to be set up. For instance, if you can get five real, trustable people to vouch for your pseudonym, you win. If you screw up, their reputations become tarnished, as well. I guess all this is is a positive reputation scheme, bootstrapped by money, which is more important to some people than reputation, anyway. I mean, someone willing to go through the bother of spending $10 to get his key signed is either very bored, or has to have something to say. Now, back to complaints. What constitutes a complaint? Each certifier would probably have to decide this on their own. Some might choose never to revoke a signature. Some might do it only after some number of complaints. Some might come up with systems of arbitration, with judges, voting, and everything. The remailers can vote with their feet: whichever signing agents match the policies they like, they trust. And recipients (like newsgroups, mailing lists, or even individuals) can choose to accept messages only from remailers they "trust". So, we have a fairly complex system with multiple degrees of freedom, where endusers can pick and choose from among the policies they like best. This is sort of like credit card purchases. Hertz is willing to rent me a car based on Visa's evaluation of my creditworthyness. Similarly, large-public-mailing-list@site.domain can decide to accept messages from a given remailer, based on their published policies. Actually dealing with signatures isn't their problem. It's to the signing agent's advantage to be trustworthy, or else nobody will pay attention to his signatures, and nobody will give him money to sign their keys. Poof, a free market. It isn't simple, but I think one thing we can all agree on is that no solution to these problems we are facing will be both adequate and simple. Marc