(fwd) "Will You Be a Terrorist?"
Cypherpunks,

Not all of you like posts that mention "guns" in any form, so if this is the case for you, hit "D" now.

I think the recently-passed Crime Act has implications for what some are calling "terrorist speech" and that Cypherpunks remailers may be construed as "PROVIDING MATERIAL SUPPORT TO TERRORISTS" in the context of being "communications equipment." Consider this "food for thought."

An excerpt, and commentary by the original anonymous poster, is included below.

I know that our favorite optimists, Duncan Frissell and Sandy Sandfort, are fond of saying that it's already over, that we've already won, that the state is powerless, etc., but when I read the text of the Crime Bill (available from ftp.nra.org in pub/legislation), I just can't buy that. I see a growing police force, I see U.N. blue helmets, I see many more prosecutions for a growing list of crimes, I see my gun rights being taken away, and on and on.

In the section below, read carefully the sections about providing support for "terrorists." Note that belonging to a pro- or anti-abortion group in which _one_ of the members uses violence (a fistfight, a jostling of a cop, or a shooting...) makes the group a "terrorist" group, under the new language of the Crime Act.

I will not be surprised to hear that the Cypherpunks group is classified as a terrorist group, for a variety of reasons (not the least of which was the "liberation" of the RC4 code, the Mykotronx-government deal info, the debates about undermining the government, the talk of assassination markets, etc.).

Sorry, but I just can't "Don't worry, be happy."

--Tim May

Newsgroups: talk.politics.guns
From: anonymous@extropia.wimsey.com
Subject: "Will You Be a Terrorist?"
Message-ID: <199409120907.AA15385@xtropia>
Date: Mon, 12 Sep 1994 02:07:16 -0700
X-Mailer: mail-news 2.0.3
Remailed-By: remail@extropia.wimsey.com
Comments: This message was anonymously remailed.
Do not reply to the address in

[Check it out - Cross-posted from Fidonet:]

The "Crime Bill" passed by Congress recently (truename: Violent Crime Control and Law Enforcement Act of 1994) has a frightening provision that hides a boogeyman under its superficially appealing surface:

*----------* *----------* *----------*

SEC. 120005. PROVIDING MATERIAL SUPPORT TO TERRORISTS.

(a) Offense.--Chapter 113A of title 18, United States Code, is amended by adding the following new section:

``Sec. 2339A. Providing material support to terrorists

``(a) Definition.--In this section, `material support or resources' means currency or other financial securities, financial services, lodging, training, safehouses, false documentation or identification, communications equipment, facilities, weapons, lethal substances, explosives, personnel, transportation, and other physical assets, but does not include humanitarian assistance to persons not directly involved in such violations.

``(b) Offense.--A person who, within the United States, provides material support or resources or conceals or disguises the nature, location, source, or ownership of material support or resources, knowing or intending that they are to be used in preparation for, or in carrying out, a violation of section 32, 36, 351, 844 (f) or (i), 1114, 1116, 1203, 1361, 1363, 1751, 2280, 2281, 2331, or 2339 of this title or section 46502 of title 49, or in preparation for or carrying out the concealment of an escape from the commission of any such violation, shall be fined under this title, imprisoned not more than 10 years, or both.

``(c) Investigations.--

``(1) In general.--Within the United States, an investigation may be initiated or continued under this section only when facts reasonably indicate that--

``(A) in the case of an individual, the individual knowingly or intentionally engages, has engaged, or is about to engage in the violation of this or any other Federal criminal law; and

``(B) in the case of a group of individuals, the group knowingly or intentionally engages, has engaged, or is about to engage in the violation of this or any other Federal criminal law.

``(2) Activities protected by the first amendment.--An investigation may not be initiated or continued under this section based on activities protected by the First Amendment to the Constitution, including expressions of support or the provision of financial support for the nonviolent political, religious, philosophical, or ideological goals or beliefs of any person or group.''.

(b) Technical Amendment.--The chapter analysis for chapter 113A of title 18, United States Code, is amended by adding the following new item:

``2339A. Providing material support to terrorists.''.

*----------* *----------* *----------*

In the U.S. Title 18 Code, terrorism is defined as "engaging in any act or conspiring to engage in any act intended to intimidate or coerce the civilian population or the government" or close words to that effect.

What does this mean?

Suppose you organize a militia and some little jot or tittle is just that much off -- and the thugs at the BATF or FBI or NatPol decide that your militia is an "armed group"? They can now seize your house, your car, your bank account and anything else even remotely connected with the maintenance or support of the militia, and make *you* prove your innocence before the Federal thugs will grudgingly return your life to you.

Suppose you participate in a demonstration against abortion and just one member of the peaceful demonstration gets into a fistfight with an escort.
You had given a ride to this demonstrator -- is the fistfight "terrorism" and you a collaborator in this "terrorism" to be arrested and thrown in jail and your car seized until you can prove that you did not know that the other demonstrator did intend to fight with an escort?

Suppose you demonstrate against national health care and you yell that Clinton should be thrown out of office and make a threatening gesture -- will the thugs treat this as an "attempt to intimidate the government" and take your car and perhaps your home if you used it to prepare materials for the demonstration?

Suppose you quote Thomas Jefferson's words about a revolution being due every twenty years -- will you be thrown into jail for that?

Note that the above section does not allow anything but "NON-violent" goals. This is another direct attack upon the First Amendment and deeply disturbing in its implications when considered as part of a set of other federal statutes scattered across Title 18 criminal law.

***end of quoted section***

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay@netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
Cypherpunks list: majordomo@toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tcmay
In article <199409171745.KAA03257@netcom8.netcom.com>, Timothy C. May <tcmay@netcom.com> wrote:
I think the recently-passed Crime Act has implications for what some are calling "terrorist speech" and that Cypherpunks remailers may be construed as "PROVIDING MATERIAL SUPPORT TO TERRORISTS" in the context of being "communications equipment."
I don't see why anonymous remailers are singled out: as written, it seems that *any* electronic service could be singled out for this (for example, netcom doesn't require proof-of-identity credentials).

(Shudder) "Envision burning police cars."

In any case, perhaps a way around this can be found: what we may need is "stealth remailers," software that will behave as a remailer through non-obvious "security holes" with correct cooperation from software the original user runs.

For example, hack sendmail so that it never wants to reverse-lookup DNS and given a particular set of commands (saying "EHDR" for 'enhanced headers') will operate as an anonymous remailer. Such sendmail-hackage could be distributed with other changes that give enhanced security (for example, that turn off EXPN and VRFY) so that people could claim that they had no idea that they were operating an anonymous remailer.

To add encryption to this model, perhaps changes to sendmail could be fashioned that incorporate encryption in such a way that it appears to be purely intended for protection of mail going to the machine, but a side effect could be that every so hacked sendmail becomes a remailer.

This has one problem, though: so far, you can't chain with this model. You could fashion a way to cross information from message content to envelope: but that's not a change to sendmail that can be lightly made -- you'll get random lossage from people whose messages unwittingly almost fit your protocol. So, what's further needed is a comment field in the message envelope that can be chained. This would be fairly trivial to add to the RFC822 protocol, and "extra stealth code" could take care of

Advantage? A lot of people, I think, would like to add encryption to the MTA layer of mail if it could be done seamlessly. If these changes allowed the hacked sendmail to negotiate with the destination sendmail to determine whether or not it is also hacked, falling back to standard operation if the other one is not, then it's seamless. This is a good feature to have generally available: a fair number of people would install it just on these merits.

Of course, the existence of these "stealth features" would be an open secret: however this would lend, to take a phrase from the cryptofascists, "plausible deniability." 'Sorry, I just heard about a more secure sendmail and ftp'd it. Didn't say anything anywhere about this in the README files....'

Everybody still with me? Anybody? Sound like work people are willing to do/think is worth doing? I'd certainly be willing to do some work on this -- might even be able to justify it as part of my real job, which does involve designing and implementing encrypted protocols.

--
L. Todd Masco  | "A man would simply have to be as mad as a hatter, to try and
cactus@bb.com  |  change the world with a plastic platter." - Todd Rundgren
In article <199409171745.KAA03257@netcom8.netcom.com>, Timothy C. May <tcmay@netcom.com> wrote:
I think the recently-passed Crime Act has implications for what some are calling "terrorist speech" and that Cypherpunks remailers may be construed as "PROVIDING MATERIAL SUPPORT TO TERRORISTS" in the context of being "communications equipment."
I don't see why anonymous remailers are singled out: as written, it seems that *any* electronic service could be singled out for this (for example, netcom doesn't require proof-of-identity credentials).
I didn't say they *are* singled out, just that the Crime Act has some implications for remailers, should the authorities seek to apply the law. And as for Netcom and similar services not requiring proofs of identity, I expect this to change over the next few years (a combination of the Crime Act, the upcoming immigration legislation, and fears that the Net is too unregulated).
In any case, perhaps a way around this can be found: what we may need is "stealth remailers," software that will behave as a remailer through non-obvious "security holes" with correct cooperation from software the original user runs.
Any port 25 in a storm? Exploitation of holes is a classic case of "security through obscurity," useful only for short periods of time, and never very certain.
Of course, the existence of these "stealth features" would be an open secret: however this would lend, to take a phrase from the cryptofascists, "plausible deniability." 'Sorry, I just heard about a more secure sendmail and ftp'd it. Didn't say anything anywhere about this in the README files....'
Everybody still with me? Anybody? Sound like work people are willing to do/think is worth doing? I'd certainly be willing to do some work on this -- might even be able to justify it as part of my real job, which does involve designing and implementing encrypted protocols.
Stealth remailers is a good thing to work on, I agree. I'd first settle for having more offshore remailers. There are all sorts of other schemes, too.

Under the Crime Act and RICO statutes, we may be committing conspiracy merely by talking amongst ourselves. (Maybe this is an exaggeration, as I'm not a lawyer and have no desire to become one.)

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay@netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
Cypherpunks list: majordomo@toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tcmay
Timothy C. May writes:
I didn't say they *are* singled out, just that the Crime Act has some implications for remailers, should the authorities seek to apply the law.
Didn't mean to imply you were: I was just thinking that this is the first legal manifestation of using the threat of a Horseman against anonymity on the net, of any sort.
In any case, perhaps a way around this can be found: what we may need is "stealth remailers," software that will behave as a remailer through non-obvious "security holes" with correct cooperation from software the original user runs.
Any port 25 in a storm? Exploitation of holes is a classic case of "security through obscurity," useful only for short periods of time, and never very certain.
Well, "security holes" is a bit loose of a term; I was thinking out loud, as it were. The concept, as evolved later, is to distribute a set of features to be added to the RFC-822 protocol that will allow security, including remailer support (though not stated as such). This isn't really an STO: it's more the providing a suite of features: including features that we want along with features that will help spread the whole set.
Stealth remailers is a good thing to work on, I agree. I'd first settle for having more offshore remailers.
Sure. But that doesn't help the channel between inside the US and outside -- IE, the channels that the NSA is chartered to eavesdrop on (yes, as Eric likes to say: the NSA and the FBI are different. But imagine that at some point in the future the NSA, hard pressed to justify its existence, starts passing data to other agencies). Right now, there aren't that many IP channels to outside the country, so they're pretty easy to tap.
Under the Crime Act and RICO statutes, we may be committing conspiracy merely by talking amongst ourselves. (Maybe this is an exaggeration, as I'm not a lawyer and have no desire to become one.)
That thought crossed my mind, too, but since we aren't talking about any illegal activities, merely protocols that might facilitate the same while also facilitating privacy, I think we're fine. Of course, given the stretches made by Law Enforcement for civil forfeitures, the E911 Neidorf thing, and others, perhaps it's time to start seriously looking at hacking list software to create mailing lists that are fully anonymous and encrypted. Has anybody started on such a project? -- L. Todd Masco | "A man would simply have to be as mad as a hatter, to try and cactus@bb.com | change the world with a plastic platter." - Todd Rundgren
[...] perhaps it's time to start seriously looking at hacking list software to create mailing lists that are fully anonymous and encrypted. Has anybody started on such a project?
I'd suggest that a much more productive avenue of approach would be to improve the aliasing facilities of a remailer provider to allow a pseudonym to look like a fully normal name.
Ownership of root is not necessary for this. I know that Matt Ghio's mail delivery set up allows this. At his site there's this 'name+extra' syntax which delivers mail to 'name', but because of a special sendmail version 8 macro in the Received: field both the 'name' and the 'extra' can be recovered. The 'extra' is then an input into a remailer as a pseudonym.
The aliasing has to happen somewhere. It can happen at the mailing list exploder or at the remailer. Since the mapping at the remailer is of much more general use, and since it allows one to leverage _all_ forms of mail communication and not just mailing list, it seems like a much better place for that mapping to exist. Implementation inside a remailer is a duplication of function--almost always a bad thing.
Eric
I'd suggest that a much more productive avenue of approach would be to improve the aliasing facilities of a remailer provider to allow a pseudonym to look like a fully normal name.
it's done. omega.c2.org http://www.c2.org/services/blindserver.html http://www.c2.org/services/blindclient.html
Ownership of root is not necessary for this. I know that Matt Ghio's mail delivery set up allows this. At his site there's this 'name+extra' syntax which delivers mail to 'name', but because of a special sendmail version 8 macro in the Received: field both the 'name' and the 'extra' can be recovered. The 'extra' is then an input into a remailer as a pseudonym.
The aliasing has to happen somewhere. It can happen at the mailing list exploder or at the remailer. Since the mapping at the remailer is of much more general use, and since it allows one to leverage _all_ forms of mail communication and not just mailing list, it seems like a much better place for that mapping to exist. Implementation inside a remailer is a duplication of function--almost always a bad thing.
Eric
-- sameer Voice: 510-841-2014 Network Administrator Pager: 510-321-1014 Community ConneXion: The NEXUS-Berkeley Dialin: 510-549-1383 http://www.c2.org (or login as "guest") sameer@c2.org
In article <35gl4b$qtn@bb.com>, I blathered:
I do have a couple questions that aren't terribly related:
- Are there any known PK message formats that commute? It seems clear to me that PGP and RIPEM do not, since that makes no sense for private key ciphers like DES/3DES and IDEA.
I have no idea why I phrased so badly: clearly, commuting makes sense with DES and IDEA. What I meant was "since it doesn't make sense for compound message formats where the private keys are encrypted in public key ciphers, as IDEA is in PGP and DES/3DES are in RIPEM." Serves me right for posting after being awake for so long.

--
L. Todd Masco  | "A man would simply have to be as mad as a hatter, to try and
cactus@bb.com  |  change the world with a plastic platter." - Todd Rundgren
In article <9409172331.AA12848@ah.com>, Eric Hughes <hughes@ah.com> wrote:
[...] perhaps it's time to start seriously looking at hacking list software to create mailing lists that are fully anonymous and encrypted. Has anybody started on such a project?
I'd suggest that a much more productive avenue of approach would be to improve the aliasing facilities of a remailer provider to allow a pseudonym to look like a fully normal name.
I'm not sure that's a good solution. When the Bad Guys go to the site that originated the message and say "we want Alfred E. Neuman at your site" (for publication of plans of some sort of machine), the remailer operator could get busted for aiding & abetting. Sure, Alf's real life human will be safe, but it'd be nice to protect the remailer operator, too.

True, the "identity stripping" can be done by a remailer as well; However, it's trivial enough to do at the mailing list software level (simply not including information) that it seems like it's not a bad thing to do.

Now, this won't give protection from traffic analysis; In my suggestion, I was really blurring two separate lines of thought (I'm interested in PGPified mailing list software for content-hiding reasons; I'm trying to set up a "distributed business" that I'd like to keep secure).

Also, though, I'm not sure I want to count on anonymous remailers being available. If people want to effectively "chain" them, that's fine.
Ownership of root is not necessary for this. I know that Matt Ghio's mail delivery set up allows this. At his site there's this 'name+extra' syntax which delivers mail to 'name', but because of a special sendmail version 8 macro in the Received: field both the 'name' and the 'extra' can be recovered. The 'extra' is then an input into a remailer as a pseudonym.
Sure. I'm familiar with AMS (in fact, one of my business partners is one of the current news/postmasters at CMU, and is helping design and produce IMAP, its replacement). Another, better I think, possibility is to add headers and let the MUA sort it out: you don't have to depend upon non RFC-822 features in the MTA. Nonstandardness is not a game you want to get into for things like e-mail unless you have the sort of clout that CMU/Andrew does.
The aliasing has to happen somewhere. It can happen at the mailing list exploder or at the remailer. Since the mapping at the remailer is of much more general use, and since it allows one to leverage _all_ forms of mail communication and not just mailing list, it seems like a much better place for that mapping to exist. Implementation inside a remailer is a duplication of function--almost always a bad thing.
I'm not sure I buy that duplication of function is a bad thing in this case: throwing information away more than once can't be worse than only throwing it away once, can it?

-----

I do have a couple questions that aren't terribly related:

- Are there any known PK message formats that commute? It seems clear to me that PGP and RIPEM do not, since that makes no sense for private key ciphers like DES/3DES and IDEA.

- What I want (for other purposes) is a mailing list that has its own public key; Material is encrypted to it, it decrypts it, and then the material is encrypted with each recipient's public key (I'm assuming a PGP base here). Probably simple to do, but has anybody done it? No pretense of protection from traffic analysis here: just to keep prying 3rd parties' eyes off it.

--
L. Todd Masco  | "A man would simply have to be as mad as a hatter, to try and
cactus@bb.com  |  change the world with a plastic platter." - Todd Rundgren
I'd suggest that a much more productive avenue of approach would be to improve the aliasing facilities of a remailer provider to allow a pseudonym to look like a fully normal name.
I'm not sure that's a good solution.
Todd, Todd, Todd. You can run a remailer and the mailing list on the _same_ machine and do the aliasing in the remailer. You can even restrict operation of the remailer to work only with the mailing list, if that's what you want.
The issue here is clean separation of abstraction.
At his site [that's CMU--EH] there's this 'name+extra' syntax which delivers mail to 'name', but because of a special sendmail version 8 macro in the Received: field both the 'name' and the 'extra' can be recovered. The 'extra' is then an input into a remailer as a pseudonym.
Sure. I'm familiar with AMS [...]
This doesn't require AMS. I've done the same hack myself in ruleset 0 of sendmail. Then you tweak the HReceived line to add the $u macro, which under sendmail v8 includes the whole address which caused delivery.
Another, better I think, possibility is to add headers and let the MUA sort it out: you don't have to depend upon non RFC-822 features in the MTA.
That's exactly how it works now. The Received field is rfc822 compliant, and the remailer, which is a part of the MUA, is where it gets parsed.
Eric
In article <9409191742.AA15343@ah.com>, Eric Hughes <hughes@ah.com> wrote:
I'd suggest that a much more productive avenue of approach would be to improve the aliasing facilities of a remailer provider to allow a pseudonym to look like a fully normal name.
I'm not sure that's a good solution.
Todd, Todd, Todd. You can run a remailer and the mailing list on the _same_ machine and do the aliasing in the remailer. You can even restrict operation of the remailer to work only with the mailing list, if that's what you want.
The issue here is clean separation of abstraction.
Well *excuse me* for being clinically thick... I shouldn't post after more than 20 hours w/out sleep. You're right, of course. Though the remailer and the mailing list software would probably require some hacking to make the coupling tighter, in the process giving both limited-use remailers (probably undesirable in the generic case, but I can think of special uses) and access-controlled mailing list software (definitely uses for this, as some exist).
This doesn't require AMS. I've done the same hack myself in ruleset 0 of sendmail. Then you tweak the HReceived line to add the $u macro, which under sendmail v8 includes the whole address which caused delivery.
Could you send me what you've done on this? I think it's a desirable feature to have, though requiring that people hack their sendmail.cfs is not a big boost to the "popularity of package" indicator. -- L. Todd Masco | "A man would simply have to be as mad as a hatter, to try and cactus@bb.com | change the world with a plastic platter." - Todd Rundgren
L. Todd Masco wrote:
Could you send me what you've done on this? I think it's a desirable feature to have, though requiring that people hack their sendmail.cfs is not a big boost to the "popularity of package" indicator.
You can find this file at the gopher site (chaos.bsu.edu) in the Misc directory, as "Sendmail and + in addressing". Or something like that, the Misc directory will be reorganized soon, and the file name may change. Also, I split Tim's large FAQ into 20 chapters and placed it in FAQs/Cypherpunks/Cyphernomicon, if that makes it easier for some people to digest ;) -- Karl L. Barrus: klbarrus@owlnet.rice.edu 2.3: 5AD633; D1 59 9D 48 72 E9 19 D5 3D F3 93 7E 81 B5 CC 32 2.6: 088C8F21; 97 73 9E 8B 98 3E DD B5 E8 97 64 7E 20 95 60 D9 "One man's mnemonic is another man's cryptography" - K. Cooper
WHAT IS THE FTP ADDRESS??????????????? On Mon, 19 Sep 1994, Karl Lui Barrus wrote:
L. Todd Masco wrote:
Could you send me what you've done on this? I think it's a desirable feature to have, though requiring that people hack their sendmail.cfs is not a big boost to the "popularity of package" indicator.
You can find this file at the gopher site (chaos.bsu.edu) in the Misc directory, as "Sendmail and + in addressing". Or something like that, the Misc directory will be reorganized soon, and the file name may change.
Also, I split Tim's large FAQ into 20 chapters and placed it in FAQs/Cypherpunks/Cyphernomicon, if that makes it easier for some people to digest ;)
-- Karl L. Barrus: klbarrus@owlnet.rice.edu 2.3: 5AD633; D1 59 9D 48 72 E9 19 D5 3D F3 93 7E 81 B5 CC 32 2.6: 088C8F21; 97 73 9E 8B 98 3E DD B5 E8 97 64 7E 20 95 60 D9 "One man's mnemonic is another man's cryptography" - K. Cooper
JOHNKC wrote:
WHAT IS THE FTP ADDRESS???????????????
You can find this file at the gopher site (chaos.bsu.edu) in the Misc directory, as "Sendmail and + in addressing". Or something like that, the Misc directory will be reorganized soon, and the file name may change.
Also, I split Tim's large FAQ into 20 chapters and placed it in FAQs/Cypherpunks/Cyphernomicon, if that makes it easier for some people to digest ;)
I first want to thank Karl Barrus for making my Cyphernomicon FAQ available in separate chapters. And to answer question raised above by JOHNKC, either of the following will get you to Karl's files (I found them by gopher, but anonymous ftp showed various files, but nothing obvious to me as the files that gopher showed...but I didn't look too hard): gopher chaos.bsu.edu ftp chaos.bsu.edu --Tim -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo@toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tcmay
Timothy C. May wrote:
I first want to thank Karl Barrus for making my Cyphernomicon FAQ available in separate chapters.
Sure thing, you're welcome! I'll try to keep on top of future versions as well.
gopher chaos.bsu.edu ftp chaos.bsu.edu
About retrieving the gopher files via ftp: I'm not sure it is set up for that yet. Chael has put in quite a bit of work over the summer, including updating gopher daemon, and he did mention he would like to make the hierarchy available via anonymous ftp, or perhaps move the gopher directory (currently a subdirectory of my home) into the anonymous ftp area. However, I'm not sure if this has been done yet, or is doable, etc. If there is sufficient interest though, I could place the chapters of the FAQ into the cypherpunks/incoming directory for the time being. -- Karl L. Barrus: klbarrus@owlnet.rice.edu 2.3: 5AD633; D1 59 9D 48 72 E9 19 D5 3D F3 93 7E 81 B5 CC 32 2.6: 088C8F21; 97 73 9E 8B 98 3E DD B5 E8 97 64 7E 20 95 60 D9 "One man's mnemonic is another man's cryptography" - K. Cooper
[...] giving both limited-use remailers
Limited use remailers are exactly what a subscription service does.
Could you send me what you've done on this? I think it's a desirable feature to have, though requiring that people hack their sendmail.cfs is not a big boost to the "popularity of package" indicator.
Admittedly, sendmail.cf hacking is not for the light of heart. I've appended a little tutorial I wrote a few months ago on how to do this. The only correction I have on rereading is that version 8 sendmail doesn't use frozen configuration files.
Eric

-----------------------------------------------------------------------------

How to add + to your email syntax
---------------------------------

Ever wanted one of those cool <user+@domain> addresses? So you can use <user+loud_mailing_list@domain> and get a filter to easily move the list out from your regular mail? Now you can.

This tutorial works if you're running a fairly standard version of sendmail. It requires some hacking to sendmail.cf, so you need the permission to do that; that's usually root. The modifications are fairly straightforward.

I. Add + to the list of operator symbols.

The sendmail 'o' macro determines how to break up strings in sendmail.cf rules into tokens. In order to be able to recognize + specially, you'll have to add to the operator symbols to make it separately recognizable. So, first do a

    % grep -n ^Do sendmail.cf
    116:Do.:%@!^=/[]

Now, go in and edit line 116 and add a + sign at the end:

    Do.:%@!^=/[]+

That's all. Now sendmail will not include + inside of its tokens.

II. Duplicate local delivery rules to accept + syntax.

Sendmail is a delivery multiplexer. You want to change the syntax for local delivery, so all you need to change is the local mail specifications. First, make sure your local mailer is called 'local'. You can search for the mailer definition as follows:

    % grep ^Mlocal sendmail.cf
    Mlocal, P=/usr/libexec/mail.local, F=lsDFMmn, [...]

I've elided the tail end of the line, because all you really need to ascertain is that the local mailer has the right name.

Now you want to search for all the delivery rules that deliver mail to the local mailer:

    % grep -n '#local' sendmail.cf
    563:R$-<@$w>        $#local$:$1
    585:R$-<@$D>        $#local$:$1        user@ah.com
    614:R$+             $#local$:$1        everything else

I have three rules for local delivery. (The second one is custom, and allows for delivery to a domain address for which no IP address exists.) All you do now is to add a rule for '+' delivery for each kind of existing local delivery. After I changed mine, it said:

    % grep -n '#local' sendmail.cf
    563:R$-<@$w>        $#local$:$1
    564:R$-+$*<@$w>     $#local$:$1
    586:R$-<@$D>        $#local$:$1        user@ah.com
    587:R$-+$*<@$D>     $#local$:$1        user@ah.com
    616:R$-+$*          $#local$:$1        everything else
    617:R$+             $#local$:$1        everything else

Rules that matched "$-", a single token, I changed to match "$-+$*", a single token followed by "+" followed by zero or more tokens. Rules that matched "$+", one or more tokens, I changed to match "$-+$*", same as above. I added the changed rule _before_ the original rule because otherwise the $+ would swallow up everything.

The $1 in the second column refers to the first macro to match in the pattern in column one. That's the username the mail gets delivered to. If you have more complicated usernames, you're likely already a seasoned sendmail trooper.

III. Install and Test

You should probably increment the version number when you make the change. It's in the 'Z' macro, do

    % grep -n ^DZ sendmail.cf
    104:DZ2.06

Freeze the sendmail configuration with

    sendmail -bz

otherwise your changes won't take effect. Now send yourself some test mail and make sure it works.

Eric Hughes
hughes@ah.com
17 February 1994
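An added model in Python, not part of Eric's tutorial and not sendmail's own code: it tokenises an address with the operator list and matches it against the tutorial's rule left-hand sides, showing why step I without step II misroutes mail and why the `$-+$*` rule has to come before `$+`. The host `ah.com` standing in for `$w`, the treatment of `<` and `>` as always-on separators, and the omission of the custom `$D` rule are simplifying assumptions.

```python
"""Simplified model of sendmail address tokenising and rule (LHS) matching.

It models only the operator list (the Do line), the $- / $+ / $* pattern
symbols and first-match-wins rule order; real sendmail does much more.
"""

OLD_OPERATORS = ".:%@!^=/[]"          # the Do line shown in the tutorial
NEW_OPERATORS = OLD_OPERATORS + "+"   # after step I
ALWAYS_SPLIT = "<>"                   # assumption: brackets always delimit tokens
HOST = "ah.com"                       # stands in for $w (assumed local host name)

# Left-hand sides only; every rule on the page resolves to $#local$:$1.
OLD_RULES = ["$-<@$w>", "$+"]
NEW_RULES = ["$-<@$w>", "$-+$*<@$w>", "$-+$*", "$+"]   # page order after step II


def tokenize(text, operators, pattern=False):
    """Split text into tokens; each operator character is a token by itself."""
    tokens, word, i = [], "", 0
    while i < len(text):
        ch = text[i]
        if pattern and ch == "$":                 # $-, $+ and $* stay whole
            if word:
                tokens.append(word)
                word = ""
            tokens.append(text[i:i + 2])
            i += 2
            continue
        if ch in operators or ch in ALWAYS_SPLIT or ch.isspace():
            if word:
                tokens.append(word)
                word = ""
            if not ch.isspace():
                tokens.append(ch)
        else:
            word += ch
        i += 1
    if word:
        tokens.append(word)
    return tokens


def match(pattern, tokens, pi=0, ti=0, binds=()):
    """Return the token runs bound to each wildcard, or None if no match."""
    if pi == len(pattern):
        return list(binds) if ti == len(tokens) else None
    sym = pattern[pi]
    if sym in ("$-", "$+", "$*"):
        low = 0 if sym == "$*" else 1             # $* may match nothing
        high = 1 if sym == "$-" else len(tokens) - ti
        for n in range(low, high + 1):            # shortest match first
            if ti + n > len(tokens):
                break
            found = match(pattern, tokens, pi + 1, ti + n,
                          binds + (tokens[ti:ti + n],))
            if found is not None:
                return found
        return None
    if ti < len(tokens) and tokens[ti].lower() == sym.lower():
        return match(pattern, tokens, pi + 1, ti + 1, binds)
    return None


def resolve(address, rules, operators):
    """Return (matching rule, $1 as the local user, $2 as the extra) or None."""
    tokens = tokenize(address, operators)
    for lhs in rules:
        pattern = tokenize(lhs.replace("$w", HOST), operators, pattern=True)
        binds = match(pattern, tokens)
        if binds is not None:
            user = "".join(binds[0])
            extra = "".join(binds[1]) if len(binds) > 1 else ""
            return lhs, user, extra
    return None


if __name__ == "__main__":
    addr = "hughes+list<@ah.com>"     # constructed address in focused form
    print(resolve(addr, OLD_RULES, OLD_OPERATORS))   # untouched configuration
    print(resolve(addr, OLD_RULES, NEW_OPERATORS))   # step I without step II
    print(resolve(addr, NEW_RULES, NEW_OPERATORS))   # both steps
    print(resolve("hughes+list", ["$+", "$-+$*"], NEW_OPERATORS))  # wrong order
```

Running the same addresses through a candidate rule order before editing the live sendmail.cf is a cheap way to catch a rule that hands the whole `user+extra` string to the local mailer as a user name.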
| Admittedly, sendmail.cf hacking is not for the light of heart. I've
| appended a little tutorial I wrote a few months ago on how to do this.
| The only correction I have on rereading is that version 8 sendmail
| doesn't use frozen configuration files.

While Eric's way of doing things works, I recommend asking your systems manager to look at installing procmail as the Mlocal agent. It's easy to do, and provides everyone with procmail support without needing a .forward.

(Procmail is a mail processing agent that allows you to sort your mail based on criteria of your choice.)

Adam
While Eric's way of doing things works, I recommend asking your systems manager to look at installing procmail as the Mlocal agent.

This is good advice, for different reasons. I do realize that the stated reasons in the little tutorial were for mail sorting, but I really worked it out for remailer addressing. Installing procmail for local delivery does make filtering easier.

The idea is that I could, for example, take an address, for example hughes+SOLONg@ah.com, which is really addressed to someone else, and map it in my own mail filter, at the user level, to the real recipient. This address is a real first class address, not just a comment in an address field, and is guaranteed to work wherever email is supported.

Now as far as politics go, I wrote that tutorial in such a way that you could give it to your sysadmin and have them do the work. The "explanation" at the beginning is a prepackaged excuse for why you want it. ;->

Eric
Under the Crime Act and RICO statutes, we may be committing conspiracy merely by talking amongst ourselves. (Maybe this is an exaggeration, as I'm not a lawyer and have no desire to become one.)
Just talking about it doesn't constitute conspiracy - you have to take one active step towards the goal. -- Ed Carp, N7EKG Ed.Carp@linux.org, ecarp@netcom.com Finger ecarp@netcom.com for PGP 2.5 public key an88744@anon.penet.fi ** PGP encrypted email preferred! ** "What's the use of distant travel if only to discover - you're homeless in your heart." --Basia, "Yearning"
Under the Crime Act and RICO statutes, we may be committing conspiracy merely by talking amongst ourselves. (Maybe this is an exaggeration, as I'm not a lawyer and have no desire to become one.)
Just talking about it doesn't constitute conspiracy - you have to take one active step towards the goal. -- Ed Carp, N7EKG Ed.Carp@linux.org, ecarp@netcom.com
I probably wasn't clear. I didn't mean just talking, with no actions, but talking about new remailer features designed to thwart law enforcement, and then implementing the features.

(In this interpretation, the remailers that many of us have talked about, designed, written software, run on our systems, etc., could be considered to be part of a conspiracy, should Bidzos, Mykotronx, ClariNet, the Feds, etc., choose to focus on remailers as "a continuing criminal enterprise.")

We've done more than just talk, you'll have to agree.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay@netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
Cypherpunks list: majordomo@toad.com with body message of only:
subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tcmay
Something that just occurred to me is that chaining is a justifiable standard feature for hosts that hold other hosts' MX records.

I think I'll start hacking on a protocol proposal (Request For Cypherpunks?); The more I think about it, the more easy this should be to implement and distribute as a security suite.

(How's this towards furthering the "everybody a remailer" idea?)

--
L. Todd Masco  | "A man would simply have to be as mad as a hatter, to try and
cactus@bb.com  |  change the world with a plastic platter." - Todd Rundgren
participants (9)
- Adam Shostack
- cactus@bb.com
- hughes@ah.com
- JOHNKC
- Karl Lui Barrus
- khijol!erc@apple.com
- L. Todd Masco
- sameer
- tcmay@netcom.com