I have to agree with Peter Honeyman that Marc Horowitz's proposal that remailers reveal message sources under certain conditions wouldn't work well. Remailer users will prefer remailers which won't do this. So reputations and such will tend to push things in the opposite direction. Also, I'd point out that the Pax remailer actually did maintain a database of anonymous addresses with the corresponding real addresses. So it already worked much as Marc suggested. You can actually send mail to someone who posts anonymously through Pax just as easily as you could send to someone who posted non-anonymously. So if you want to complain about some offensive posting or email to the person who did it, you still could with Pax. These features didn't stop Pax from getting shut down. Marc's suggestion that commercial users could run remailers without pressure from NSF sounds good in theory, but it's not clear how well it would work in practice. I don't think Cypherpunks could run such a remailer, even if Marc is right and it would cost $10 per Cypherpunks reader per month. I doubt that many people would be willing to make this charitable contribution for what would be a public good - a remailer that anyone could use. Even if it could be done, one remailer isn't enough. We need many remailers so that no one remailer can expose users. I think the best bet would be a commercial site which has a connection for other reasons, and which is willing to run a remailer on the side. I don't know what kinds of sites use these commercial connections. The commercial Internet access that I am aware of is through companies like Compuserve, Portal, Netcom, the WELL, and so on, and I think they all have to abide by the NSF acceptable use policies. At least, I had to agree to those on Portal and I think on Compuserve. What would be an example of a site with commercial Internet access which would be free of NSF pressure? One other point I'd make with regard to Marc's message is that if PGP itself is the problem, there's no reason the remailers can't use RIPEM. That's legal in the U.S., so the legality issue would not arise. This might be a good approach to take in broaching the subject with administrators. I haven't looked at RIPEM much but I'm sure the remailers could use it just as easily as PGP. Even non-encrypting remailers can provide basic anonymous posting and mail, if those would be more acceptable. A final point is that forwarding mail for another person can hardly be made illegal in general. If I receive a message from person A asking me to forward it on to person B, and I do so, this is clearly a legitimate email message that I choose to send. To try to disallow this would be to put intolerable restrictions on email content. So, if this is allowed, it seems to me that I should be able to write a program to do what I am allowed to do manually. If these remailers could be made widespread, with tens of thousands of people running them as a routine service, I think a crackdown would be much more difficult. I think we need to educate users about the value of privacy and anonymity in order to encourage more people to run remailing software. Can anyone suggest a newsgroup where these kinds of discussions would be appropriate? Hal Finney 74076.1041@compuserve.com
One other point I'd make with regard to Marc's message is that if PGP itself is the problem, there's no reason the remailers can't use RIPEM. That's legal in the U.S., so the legality issue would not arise. This might be a good approach to take in broaching the subject with administrators. I haven't looked at RIPEM much but I'm sure the remailers could use it just as easily as PGP. Even non-encrypting remailers can provide basic anonymous posting and mail, if those would be more acceptable.
I thought about this. The major problem is that once the PEM beta-testing period ends, all keys must be registered with "approved" (by RSA) central authorities. I highly doubt they'd issue pseudonymous keys, but maybe they would allow someone to set up a heirarchy especially for that purpose. I'm not convinced. Marc
Marc Horowitz says:
I haven't looked at RIPEM much but I'm sure the remailers could use it as easily as PGP. Even non-encrypting remailers can provide basic anonymous posting and mail, if those would be more acceptable. I thought about this. The major problem is that once the PEM beta-testing period ends, all keys must be registered with "approved" (by RSA) central authorities.
Oh, NO! RSADSI will CERTIFY you keys, IF YOU WISH; and they'll certify your PERSONAL keys for free (unlike any other level of "confidence", which MAY cost money :-)... Where did you get this idea from? [Also it's my understanding, that one could use other certifying authorities besides RSADSI]. -- Regards, Uri uri@watson.ibm.com scifi!angmar!uri N2RIU ----------- <Disclamer>
From cypherpunks-request Fri Jan 15 09:38:17 1993
A final point is that forwarding mail for another person can hardly be made illegal in general. If I receive a message from person A asking me to forward it on to person B, and I do so, this is clearly a legitimate email message that I choose to send. To try to disallow this would be to put intolerable restrictions on email content. So, if this is allowed, it seems to me that I should be able to write a program to do what I am allowed to do manually.
I don't believe the analogy holds up. In dealing with it manually, police would expect that there's a chance that they could haul you into court and ask you for names and dates. In the manual situation, you are responsible as editor, a responsibility you're looking to get away from. The law would prefer that someone is responsible, so they may try to find a way to hold someone responsible. Chris
I thought about this. The major problem is that once the PEM beta-testing period ends, all keys must be registered with "approved" (by RSA) central authorities. I highly doubt they'd issue pseudonymous keys, but maybe they would allow someone to set up a heirarchy especially for that purpose. I'm not convinced.
I found out last Friday at the RSA conference that RSADSI itself is going to issue "persona" (i.e. no attempt to find out who it really is) certificates for free. That's right. No charge. Eric
participants (5)
-
Chris Hibbert
-
Eric Hughes
-
Hal
-
Marc Horowitz
-
uri@watson.ibm.com