Theodore Ts'o writes: If your mail system is broken enough that it inserts signatures without your permission, and you have no way to controlling it, it's broken. End of statement. Fix it or ditch it. I can imagine a system administrator choosing to require that all mail originating from his machine include a signature that correctly identifies the local name of the sender. I make this special point to illustrate a broader problem with remailers: They require operators of remailers to be sympathetic with the ends of the users of remailers. This obviously does not include the entire population for at least the recipient is not sympathetic. I suspect that technical solutions sought in recent mail will founder in presence of the politics of the operators of the remailers. I understand that routing your message thru at least one "friendly" remailer may be enough but if your reasons for using remailers are not sufficiently popular, then society, in some form, will pressure the friendly remailers to betray the sender without advance warning. If society polarizes into camps then there may be remailers in each camp. A remailer in one camp is unlikely to service messages from the other. Barriers then arise. I think that the technical issues are only the tip of the iceberg.
Date: Sat, 9 Jan 93 17:52:01 -0800 From: uunet!netcom.com!norm (Norman Hardy) I can imagine a system administrator choosing to require that all mail originating from his machine include a signature that correctly identifies the local name of the sender. I can imagine it, but none exist. This is mostly because the From: field is supplied by the mailer and satisfies that requirement, whereas requiring things in teh body of the mail message goes against the grain of how the systems are used. remailers: They require operators of remailers to be sympathetic with the ends of the users of remailers. This obviously does not Are there other reasons to use a remailer besides anonymity? I can't think of any, so that solves the sympathy problem. If a remailer operator conspires to reveal who you are that's a different issue, and is solved (or reduced a lot) by using a chain of remailers. Then *all* of the remailers have to be compromised to reveal that connection from source to destination. dean
Date: Sat, 9 Jan 93 17:52:01 -0800 From: uunet!netcom.com!norm (Norman Hardy) I can imagine a system administrator choosing to require that all mail originating from his machine include a signature that correctly identifies the local name of the sender. I can imagine it, but none exist. This is mostly because the From: field is supplied by the mailer and satisfies that requirement, whereas requiring things in teh body of the mail message goes against the grain of how the systems are used. remailers: They require operators of remailers to be sympathetic with the ends of the users of remailers. This obviously does not Are there other reasons to use a remailer besides anonymity? I can't think of any, so that solves the sympathy problem. If a remailer operator conspires to reveal who you are that's a different issue, and is solved (or reduced a lot) by using a chain of remailers. Then *all* of the remailers have to be compromised to reveal that connection from source to destination. dean
On Sat, 9 Jan 93 23:32:18 PST, tribble@xanadu.com (E. Dean Tribble) said:
E.> Date: Sat, 9 Jan 93 17:52:01 -0800 E.> From: uunet!netcom.com!norm (Norman Hardy) E.> I can imagine a system administrator choosing to require that E.> all mail originating from his machine include a signature that E.> correctly identifies the local name of the sender. E.> I can imagine it, but none exist. This is mostly because the From: ^^^^^^^^^^^ E.> field is supplied by the mailer and satisfies that requirement, E.> whereas requiring things in teh body of the mail message goes against E.> the grain of how the systems are used. *Bzzzzt* Wrong answer, thank you for playing. The public access bbs system running out of Chapel Hill, automatically appends the same signature to all outgoing messages, and other sites are considering the same measures. CrysRides
E.> I can imagine it, but none exist. This is mostly because the From: ^^^^^^^^^^^ E.> field is supplied by the mailer and satisfies that requirement, E.> whereas requiring things in teh body of the mail message goes against E.> the grain of how the systems are used. *Bzzzzt* Wrong answer, thank you for playing. The public access bbs system running out of Chapel Hill, automatically appends the same signature to all outgoing messages, and other sites are considering the same measures.
I think what he's saying is that a signature that identifies which *user* on the system as well as the system name does not exist. I'm sure there are a couple, but I agree with your point that most BBS's on any mail network append an identifying "tagline" or signature. As a matter of fact, in many nets it is a requirement that your system append a tagline to all messages. Incidentally, it is preceded often by "--" on a line by itself. Chael Hall -- Chael Hall nowhere@bsu-cs.bsu.edu, 00CCHALL@LEO.BSUVC.BSU.EDU, CHALL@CLSV.Charon.BSU.Edu (317) 285-3648 after 3 pm EST
On Sun, 10 Jan 93 20:29:47 EST, nowhere@bsu-cs.bsu.edu (Chael Hall) said:
E.> I can imagine it, but none exist. This is mostly because the From: ^^^^^^^^^^^ E.> field is supplied by the mailer and satisfies that requirement, E.> whereas requiring things in teh body of the mail message goes against E.> the grain of how the systems are used. *Bzzzzt* Wrong answer, thank you for playing. The public access bbs system running out of Chapel Hill, automatically appends the same signature to all outgoing messages, and other sites are considering the same measures.
Chael> I think what he's saying is that a signature that identifies which Chael> *user* on the system as well as the system name does not exist. I'm Chael> sure there are a couple, but I agree with your point that most BBS's on Chael> any mail network append an identifying "tagline" or signature. As a Chael> matter of fact, in many nets it is a requirement that your system append Chael> a tagline to all messages. Incidentally, it is preceded often by "--" Chael> on a line by itself. Evidently I mis-interpreted his exact meaning in his statement, but if I remember correctly, wasn't one of the original mail messages along this line stating that any mail system which included a signature or identification automatically was broken? The point being is this is a common example of how this is used, and that if an anonymous poster comes from such a site, his sig would close the search area greatly if not removed. So this appears to me to be a good point in favor of signature stripping. Chael> Chael Hall Chael> -- Chael> Chael Hall Chael> nowhere@bsu-cs.bsu.edu, 00CCHALL@LEO.BSUVC.BSU.EDU, CHALL@CLSV.Charon.BSU.Edu Chael> (317) 285-3648 after 3 pm EST CrysRides
Evidently I mis-interpreted his exact meaning in his statement, but if I remember correctly, wasn't one of the original mail messages along this line stating that any mail system which included a signature or identification automatically was broken? The point being is this is a common example of how this is used, and that if an anonymous poster comes from such a site, his sig would close the search area greatly if not removed. So this appears to me to be a good point in favor of signature stripping.
CrysRides
True, it will make tracing the mail extremely simple if nothing is done to strip the signature out. Where I disagree is where Hal appears to disagree--it is too simple to accidentally cut off the rest of your message by putting a line starting with "--" in your message. I think a "kill line" would be best. Anything after that line is ignored. Chael -- Chael Hall nowhere@bsu-cs.bsu.edu, 00CCHALL@LEO.BSUVC.BSU.EDU, CHALL@CLSV.Charon.BSU.Edu (317) 285-3648 after 3 pm EST
>E.> I can imagine it, but none exist. This is mostly because the From: > ^^^^^^^^^^^ >*Bzzzzt* Wrong answer, thank you for playing. The public access bbs Yes. Absolutes are almost always wrong. I've never encountered such a system, however. Chael> I think what he's saying is that a signature that identifies which Chael> *user* on the system as well as the system name does not exist. I'm There are lots of mailers that add the X-Organization: field, or some such. Evidently I mis-interpreted his exact meaning in his statement, but if I Now now. No need to be too sarcastic. :-) dean
participants (4)
-
Crys Rides -
norm@netcom.com -
nowhere@bsu-cs.bsu.edu -
tribble@xanadu.com