I'm wondering if I understand this remailer debate. Here's my summary (based not so much on reading of cypherpunk traffic, but on my understanding of the basic principles): (*) define an encrypting mailer protocol (basically, just PGP or some such). When a mailer receives an encrypted message, it unpacks (0) a message which may have been doubly encoded (once by originator, once by prior remailer to disguise padding) -- if so, must decrypt twice. (1) the message to be forwarded, annotated with control info (e.g. padding, delay, key to reencrypt under) (2) payment information in whatever format is advertised for that remailer. As I understand it the problem with digital cash is defining physical link for the "cash", without compromising the identity of whoever payed into the account. The proposal-to-date involves a guild of remailers. As I see it, this would be primarily of value for shuffling cash around -- call it a build of bankers instead. Once you've established your "cash"-net, presumably with related services such as drop-boxes and temporary accounts, you could use more flexible mechanisms for anonymous mail, which feed off the cash net where necessary. I've not read Chaum(sp?)'s work on encrypted cash, so perhaps I've ignored some terribly obvious issues. [No PGP signature -- at the moment, I don't have a host sufficiently secure to be worth bothering with.] -- Raul D. Miller N=:((*/pq)&|)@ NB. public e, y, n=:*/pq <rockwell@nova.umd.edu> P=:*N/@:# NB. */-.,e e.&factors t=:*/<:pq 1=t|e*d NB. (,-:<:)pq is four large primes, e medium x-:d P,:y=:e P,:x NB. (d P,:y)-:D P*:N^:(i.#D)y [. D=:|.@#.d