-----BEGIN PGP SIGNED MESSAGE----- Hm... after reading various replies about the message haven I described, I've concluded my original explanation was terrible and confusing ;) Background: I've noticed that about the only opposition voiced to anonymous mail is the fact somebody can harrass another user (however, they can also be used to forward Clarinet posts, for example). Also, systems such as Julf's, convenient as it is, require tables which map psuedonym to true identity. The message haven is my idea of how to get around these two problems. (I'm not saying Julf is untrustworthy or something, this is just an idea to try out!) The way I see it working is you would create a message containing what you want to say, what to name the next reply, and anything else... perhaps a new public key to encrypt the reply with. You encrypt this message with the public key for whoever you want to communicate with, and send it to the haven with instuctions to file it under a name you specify. Your partner would browse the message haven, and retreive the message. He would frame a response, include what to name the next reply, maybe include another key, etc., encrypt his message with your public key, and send it back to be filed under the name you specified. The very first message to a person would have to be titled something obvious to them (i.e. "To Pr0duct Cypher", "To Deadbeat", "To Wonderer", "To L. Detweiler" or whoever), unless you can pre-arrange this. So far, the haven just accepts messages and files them. Maybe it could take a digital cash payment to file in an area where the message will be available for longer. The haven doesn't even have a public key (unless it runs a bank and has a public key for the bank portion). Now, if the message haven keeps logs of what messages you read, it will be able to figure out who you are communicating with. One possibility is to take all the message, so even if the haven fully logs, it will derive no information. This is only if you actually care that the haven can figure out who you are communicating with. If not, just grab the messages for you. Some people are suggesting retrieving a subset of the messages. Yes, this will work, but only if you take the same subset all the time. For example, you take your messages and message addressed to users A, B, C, and yourself. (There would be a complication if all the other users changed public keys simultaneously). If you don't take the same subset all the time (say you retrieve A, B, C, and yourself once, and then X, Y, Z, and yourself another time. It should be pretty clear who you are!), you expose your identity. Also, you would need to take all the messages of the other users (say A, B, C, and you have 5 messages each. You take all of yours, and just 1 from each of the others. Again, it should be pretty obvious who you are). Maybe the easiest thing to do is simply use a brand new public key every time, then you can take random messages. Indeed, you could even fool the haven into thinking you are communicating with someone else by always retrieving their messages, if you use a new public key each time. Some schemes have been suggested in which you tell the haven what messages you want. It would send them along with some random ones. I don't like this idea since it requires the haven to be able to connect your pseudonym with your true identity, and it's more complicated, as far as the haven goes, and as far as you (if you want to use a new key). And if you are already telling the haven your identity, you may as well just browse it and retrieve the messages intended for you. So, hopefully that is a bit clearer. Comments are welcome! Karl Barrus klbarrus@owlnet.rice.edu -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLdQmYIOA7OpLWtYzAQHIdwP9FHCtdL0XHhGCrLgVoFNNNdiSH8IGvlyO wZq8vvbYtW34uRrEs0nYDchVpEtDpMgrSQdfSFaKrNjg5mdfbqWh9qEeMv1NM91p jtqhYfUHqP1RE/CegET3tunI1h6fqfz91cMIpPc4hGM69OSJZecw8rumwKyxNwC8 cCBBDrb1iMk= =H9K8 -----END PGP SIGNATURE-----