An easy-to-reply anonymous mail scheme
is this: Just include a public key in your post. And ask any repliers to post to the newsgroup, encrypted with that key. No-one else but you can decrypt the reply, and no-one can know that you did, since everyone receives
all of my own and everybody elses schemes is that it requires an INVOLVED replier. I need some way that I can send out an anonymous email, and have the receiver of that email just hit "r" to reply to me. If they have
Ok, if that is what you want, then the following procedure will let you do exactly that: post anonymously, with a reply address that people can just 'r' to. And no-one (not even the host that is handling the replies) has to know who you are. There exists a site, lets call it remailer.com. It watches the newsgroup alt.key.announce for messages with the "Subject: remailer public key notice" that contain a public key. It takes each public key, and perofmrs some sort of hash function on it, tcreate a short "key id". (note: the hash function must be cryptographically strong, i.e. it should be very difficult to construct another key with the same hash value). It stores hash and the key in a database. Then whenever it receives a mail message to reply.HASH (where HASH is the key id), it encrypts the message with the associated public key, destroys the plaintext message, and posts the ciphertext to alt.w.a.s.t.e. So to use this, you would generate a public/private key pair, and compute the hash function of the public part. Anonymously post the public key to alt.key.announce, and then send your message by whatever means you like (anon mail, anon post to a regular newsgroup, anything) using reply.HASH@remailer.com as your return address. Then watch alt.w.a.s.t.e for replies and decrypt as received... All the recipient(s) have to do is press 'r' key and type the answer. You are guaranteed anonymity because no-one can find out who decrypted the alt.w.a.s.t.e message, since everyone received it. All you need is a good way to anonymously post to a newsgroup. -- Yanek Martinson mthvax.cs.miami.edu!safe0!yanek uunet!medexam!yanek this address preferred -->> yanek@novavax.nova.edu <<-- this address preferred Phone (305) 765-6300 daytime FAX: (305) 765-6708 1321 N 65 Way/Hollywood (305) 963-1931 evenings (305) 981-9812 Florida, 33024-5819
So to use this, you would generate a public/private key pair, and compute the hash function of the public part. Anonymously post the public key to alt.key.announce, and then send your message by whatever means you like (anon mail, anon post to a regular newsgroup, anything) using reply.HASH@remailer.com as your return address. Then watch alt.w.a.s.t.e for replies and decrypt as received...
one problem is that pgp labels public/private key pairs with strings (thus I have to create a public/private key pair with a unique label string that has nothing to do with my name) the problem still exists that every message posted to alt.w.a.s.t.e with have my pgp key label string. pgp does not support unlabeled crypted test (eg: I can had it random cyphertext and have it figure out public/private key pair to use (by trying every key in my rings)(
as your return address. Then watch alt.w.a.s.t.e for replies and decrypt
one problem is that pgp labels public/private key pairs with strings (thus I have to create a public/private key pair with a unique label string that has nothing to do with my name) the problem still exists that every message posted to alt.w.a.s.t.e with have my pgp key label string.
This is not a problem at all. For every anonymous "identity" you want to maintain, you would have a key pair (public/private). The "label" part could contain anything you want, or nothing at all (a space, or a dash, or the word "anonymous") but it would be more convenient if you assigned a pseudonym.
pgp does not support unlabeled crypted test
Just because (current version of) pgp does not support something does not mean it can not be done.
(eg: I can had it random cyphertext and have it figure out public/private key pair to use (by trying every key in my rings)
This would be a waste of time, and possibly imprctical if you have any significant number of keys. You should not have to try each key, because the post would contain in the Subject field the hash value of the public key, and using that you could instantly identify which private key to use. -- Yanek Martinson mthvax.cs.miami.edu!safe0!yanek uunet!medexam!yanek this address preferred -->> yanek@novavax.nova.edu <<-- this address preferred Phone (305) 765-6300 daytime FAX: (305) 765-6708 1321 N 65 Way/Hollywood (305) 963-1931 evenings (305) 981-9812 Florida, 33024-5819
participants (2)
-
Peter Shipley -
yanek@novavax.nova.edu