||ugh and I were talking (over an unsecure phone line :-) last night and came up with an interesting idea. The problem: anonymous replies. Under the current system, the solution is simple: create an `envelope' which implements a path back to you. You include this envelope with your outgoing message, and the respondant places the envelope at the front of any messages to be sent back to you. The envelope is a nested encrypted set of Anon-To: lines that remailers strip off as the message is routed back to you. This system has at least two weaknesses for future use, however. The most serious is that the body of the reply is not altered by the remailers, allowing the message to be more easily traced. The second is that there is no provision for remailers to charge for the service. If postage is included in the envelope itself, it becomes a single use device; it is useless for posting to a newsgroup, for example. Both of these problems can be solved by having each remailer forward the message *with*postage*due*. What that means is that the remailer encrypts the message before sending it on, and saves the key used in an account file along with a message id and the amount due. The body is thus altered on each hop, complicating the process of tracing the message. You also are unable to read the message until you have paid the postage on it, which you do by sending a message to yourself via a similar envelope. That message contains stamps which get removed at each step by the remailers, and replaced with the necessary key for reading the mail. When you recieve the second message back, you have the necessary info to read the first, and have paid for its delivery. A variation would allow the respondant to include the necessary postage (you need to specify how much, thus compromising at least the hop count of your route). To keep each remailer's postage seperate, key pairs could be generated, with the public portion kept outside the envelope, and the secret portion sealed within the envelope, openable only by a single remailer. The postage would be wrapped up in successive keys as specified on the outside of the envelope. The envelope would then specify the keys to be used by each remailer to transform the body. All of this requires defining a message as containing an envelope and a contents. The envelope must be able to specify how the contents are to be encrypted at each hop. Perhaps the envelope could be placed in the header of the message as a single field. Details still need to be worked out. Comments? -- eric messick eric@toad.com