Here is an example of how to use the cryptographic remailer at <hal@alumni.caltech.edu> to implement an anonymous return address. Note: this material is a little complicated, but if you will take it a step at a time you will see that there's not really that much to it. Suppose I want to receive mail at my address of 74076.1041@compuserve.com, but I don't want that address to be known. First, I create a file with the following contents. Call it t1: ---------------------- cut here ----------------------- :: Request-Remailing-To: 74076.1041@compuserve.com ---------------------- cut here ----------------------- This is the same as what you would normally put at the front of a message to use the remailer. Note that the last line of the file is blank. Now, I encrypt that file, using PGP, with the public key of the remailer (the key is at the end of this message). I use the command, "pgp -ea t1 alumni". I say "alumni" as a shorthand for the address of the remailer on the keyring. This creates a file, t1.asc, which looks like: ---------------------- cut here ----------------------- -----BEGIN PGP MESSAGE----- Version: 2.01 hEwCG6rHcT8LtDcBAf0YbKADFELfaRay6LFviabwpICAAGMV1Pff8meY3ND5o7hu jNy9hQv2bIMM9IyUCF2LFpgamxmMlSwpGQIVbJLEpgAAAEzDG0ddg2oBmjQFzB4c E0d/k7uE8KgxtCg6Sc+l639LN18sv4UWpq0nnyGRTUGEjL9JqtYZOSlTsiSAFU2c 4RoHslyk51suvGokhod0 =XSHb -----END PGP MESSAGE----- ---------------------- cut here ----------------------- Now, I edit the file by adding lines saying "::", and "Encrypted: PGP", and a blank line, to the beginning (and I delete the blank line at the end of the file), giving: ---------------------- cut here ----------------------- :: Encrypted: PGP -----BEGIN PGP MESSAGE----- Version: 2.01 hEwCG6rHcT8LtDcBAf0YbKADFELfaRay6LFviabwpICAAGMV1Pff8meY3ND5o7hu jNy9hQv2bIMM9IyUCF2LFpgamxmMlSwpGQIVbJLEpgAAAEzDG0ddg2oBmjQFzB4c E0d/k7uE8KgxtCg6Sc+l639LN18sv4UWpq0nnyGRTUGEjL9JqtYZOSlTsiSAFU2c 4RoHslyk51suvGokhod0 =XSHb -----END PGP MESSAGE----- ---------------------- cut here ----------------------- The content of this file is my anonymous return address. To use it, I make my posting, anonymously, and I say something like: "Anonymous return address: mail to hal@alumni.caltech.edu, with your (possibly encrypted) message preceded by:" and I put in the contents of my anonymous return address file, above. So, to use this anonymous return address, suppose someone wants to send me this message: ---------------------- cut here ----------------------- Hello, I am responding to your anonymous post on cypherpunks. I would like to know more about your anonymous habits. Please post some more. ---------------------- cut here ----------------------- All they need to do is to put the anonymous return address at the beginning, giving: ---------------------- cut here ----------------------- :: Encrypted: PGP -----BEGIN PGP MESSAGE----- Version: 2.01 hEwCG6rHcT8LtDcBAf0YbKADFELfaRay6LFviabwpICAAGMV1Pff8meY3ND5o7hu jNy9hQv2bIMM9IyUCF2LFpgamxmMlSwpGQIVbJLEpgAAAEzDG0ddg2oBmjQFzB4c E0d/k7uE8KgxtCg6Sc+l639LN18sv4UWpq0nnyGRTUGEjL9JqtYZOSlTsiSAFU2c 4RoHslyk51suvGokhod0 =XSHb -----END PGP MESSAGE----- Hello, I am responding to your anonymous post on cypherpunks. I would like to know more about your anonymous habits. Please post some more. ---------------------- cut here ----------------------- They would then send this to hal@alumni.caltech.edu. The remailer would decrypt the PGP block, finding the "Request-Remailing-To" line, and then send it on to me. If I had posted a PGP public key along with my anonymous return address, they could have encrypted their message text as well, and put the A.R.A. in front of it. The resulting message would have looked something like: ---------------------- cut here ----------------------- :: Encrypted: PGP -----BEGIN PGP MESSAGE----- Version: 2.01 hEwCG6rHcT8LtDcBAf0YbKADFELfaRay6LFviabwpICAAGMV1Pff8meY3ND5o7hu jNy9hQv2bIMM9IyUCF2LFpgamxmMlSwpGQIVbJLEpgAAAEzDG0ddg2oBmjQFzB4c E0d/k7uE8KgxtCg6Sc+l639LN18sv4UWpq0nnyGRTUGEjL9JqtYZOSlTsiSAFU2c 4RoHslyk51suvGokhod0 =XSHb -----END PGP MESSAGE----- -----BEGIN PGP MESSAGE----- Version: 2.01 hIwCqBMDr1ghTDcBA/sGAyloGGHX/CBNRFOkov8RGNxNw/HqehwZ3yT5r0n45qAt AKmETej9GyJVFLZ5Oom7cqFN6+ARaZpp4LFqaxGF7phxC6l9HEPh2zI7w2G1/Df6 pMIwJJ7G+0vk7qBKoctmanNkYVTIb/bKAxJAbK6mUfcXPdRjyUaT/vf2X9RocKYA AAB/sjDjuW2cSN7o3HOKvQ4s+CyqshOGWe7xLRIfSBVyL2PXFOJKx7QMVdRyzDwC HO62PhXswqTlgxqIod0EXDzfEA8kI4Oz2gp45AMy8ElT1nV1jEKjCGC6HWGDU/P5 ZCTPgzOgmLetDNi5Yf8cPDMTHQ3Dcl7vDyNhpMD4+fdFog== =8FPE -----END PGP MESSAGE----- ---------------------- cut here ----------------------- The first PGP message is my anonymous return address, and the 2nd PGP message (which the remailer won't try to decrypt) is the encrypted message for me. If more people will implement cryptographic remailers, you will be able to create more secure ARA's which are "nested" so that they go through two or more remailers, and no one remailer will see the correspondence between your ARA and your real address. How might you use an ARA? You could create a pseudonym, and a public key corresponding to it. You could post anonymously, using our current remailers, to this list or another list. You could sign your messages using the public key of your pseudonym, so no one else could pretend to be you. And you could put an ARA into your messages so people could reply to you. They could reply anonymously if they wanted to, and could supply you with an ARA of their own. People could communicate freely under their online net identities, with cryptographic protection of their True Names, a la Vernor Vinge. Hal P.S. Here again is the public key of the remailer at <hal@alumni.caltech.edu>. -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.01 mQBNAisCtU0AAAEB/jNOYzN1B2YzOxlK/Zb6axoOaGlPq5I7DV9GH3hcGRN5N6Fi T4sRLhi53Sc5rUdYDa8mFQd4tqvFG6rHcT8LtDcABRG0KlJlbWFpbGluZyBTZXJ2 aWNlIDxoYWxAYWx1bW5pLmNhbHRlY2guZWR1Pg== =K00H -----END PGP PUBLIC KEY BLOCK-----