Re: Anonymous Transport Agents (Was: Latency vs. Reordering)
Hal <hfinney@shell.portal.com> writes:
> I can see two problems. First, at least the first machine on the transport path will see both your origin address and your destination address. So it is in a perfect position to do traffic analysis. Many users may not have the ability to control which machine this is since routing is usually automatic these days.

Fair enough. Let's assume that ESMTP will anonymize and sanitize each message, making it appear as if it first appeared on the site. In other words, let's say I send a message via ESMTP to someone. It gets sanitized and anonymized (the return address is encrypted). This removes ALL traces of the fact that it left from my node. Every site up the chain until it gets to you will do the same. Finally you get a VERY anon/sanitized message.

> Second, if each machine simply saves a message and sends it on, then even if the messages are encrypted there will probably be timing relationships between the incoming and outgoing messages which will allow them to be linked.

Quite true. However, if the encryption system adds random-x bytes of entropy to _each message_, the message sizes will never be the same coming in as going out. It will always be larger, but each additional hop makes the chance of tracking less and less. How many hackers can watch the whole backbone??

> So someone monitoring the intersite communication channels may be able to track a message through the network just by noticing when it comes into and goes out of each node. This is why Chaum introduces message batching and mixing at each node.

Very true. But, again, it shouldn't matter... By the time it gets to a place where the message is passed through 3 or 4 machines that one person can watch, it's already been sanitized to the point of absurdity, no? Opinions?

I said the return address is encrypted. That's true: it's encrypted piece-meal. What happens is that the originator's site encrypts the sender's name with its own key. Then, it encrypts its site name with the next site's key. When it's sent, the site encrypts its name, PLUS the previous encrypted packet with the key of the next site up the net. This happens until it reaches its destination. Even if the packet is intercepted, the hacker only knows the previous site it came from. Let's say he intercepts it between my feed and my feed's feed. This gives some 15+ choices as to which MACHINE it came from, let alone which USER sent it, and that's only on the first hop. On the Nth hop, it's AT LEAST 2^N possible MACHINES, assuming that each hop has at least two feeds. More realistically, after about 4 hops, the number of choices becomes entirely too large to efficiently track. What do you think?

--Jeff

--
======  ======    +----------------jgostin@eternal.pha.pa.us----------------+
  ==      ==      | The new, improved, environmentally safe, bigger, better,|
  ==      ==  -=  | faster, hypo-allergenic, AND politically correct .sig.  |
====    ======    | Now with a new fresh lemon scent!                       |
PGP Key Available +---------------------------------------------------------+
participants (1)
-
Jeff Gostin
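
The timing linkage and the Chaum-style batching discussed in the thread, as an added simulation that is not part of the original message: an observer who sees only the order in which messages enter and leave one node links every message through a plain store-and-forward relay despite random padding, and roughly one in `batch` through a batching relay. The relay functions, the delay, the padding range and the traffic model are assumptions made for the illustration.

```python
import random

def fifo_relay(arrivals, rng, delay=0.5, max_pad=64):
    """Store-and-forward: each message leaves `delay` after it arrives, padded."""
    return [(t + delay, size + rng.randint(1, max_pad), mid)
            for t, size, mid in arrivals]

def batching_relay(arrivals, rng, batch=8, max_pad=64):
    """Batch and mix: hold `batch` messages, shuffle them, flush them together."""
    out = []
    for i in range(0, len(arrivals), batch):
        group = arrivals[i:i + batch]          # slice copy, safe to shuffle
        flush_time = group[-1][0]              # flush when the batch is full
        rng.shuffle(group)
        out += [(flush_time, size + rng.randint(1, max_pad), mid)
                for _, size, mid in group]
    return out

def observer_link_rate(arrivals, departures):
    """Observer uses timing only: guesses that the k-th message in is the k-th out.
    The message id is ground truth used for scoring, never seen on the wire."""
    ins = sorted(arrivals, key=lambda m: m[0])
    outs = sorted(departures, key=lambda m: m[0])  # stable: ties keep wire order
    hits = sum(a[2] == d[2] for a, d in zip(ins, outs))
    return hits / len(ins)

def run(n=800, seed=1):
    """Constructed traffic: n messages with random gaps and random sizes."""
    rng = random.Random(seed)
    t, arrivals = 0.0, []
    for mid in range(n):
        t += rng.expovariate(1.0)
        arrivals.append((t, rng.randint(200, 2000), mid))
    return (observer_link_rate(arrivals, fifo_relay(arrivals, rng)),
            observer_link_rate(arrivals, batching_relay(arrivals, rng)))

if __name__ == "__main__":
    fifo, batched = run()
    print(f"store-and-forward with padding: {fifo:.0%} of messages linked")
    print(f"batched and shuffled:           {batched:.0%} of messages linked")
```

The observer here ignores message sizes entirely, so the padding has no effect on the store-and-forward result; only the reordering inside a batch reduces the link rate.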