Re: REMAIL: pseudo-account remailer @andrew gains anonymous feature
I added an anonymous feature to my remailer.
If you have an address of the form mg5n+eaxxx@andrew.cmu.edu, anonymous mail can be sent to that address by changing it to the format: mg5n+anxxx@andrew.cmu.edu An encrypted reply address is created for the sender of the anonymous message.
What happens if I already have an encrypted reply address? What happens if I already have SIX encrypted reply addresses? Which one is used? Or is *another* one created? -- Ryan Perkins - 1:340/13 | I feel that suicide jumpers see a glimpse of ub075@freenet.victoria.bc.ca | sanity as they throw themselves from the ledge. Ask for PGP 2.3 public key | That's why they scream all the way down. 8C5357 : 9F FF BA 93 54 D5 18 78 4B 1E DA GC E3 4E
Ryan A. Perkins wrote:
An encrypted reply address is created for the sender of the anonymous message.
What happens if I already have an encrypted reply address? What happens if I already have SIX encrypted reply addresses? Which one is used? Or is *another* one created?
Another one is created, since no records are kept of what addresses you already have. I am somewhat unsure of what to do in this situation. As I have it set up now, it will always create the same address for replies (but you can still get as many different ones as you like from mg5n+getid@andrew...) so if you send two messages to mg5n+anxxx... addresses, they will both have the same reply address. I could change this and have it create different ones each time, which would preserve anonymnity better, but this could lead to confusion when replying to messages, because it'd be difficult to tell if two messages came from the same person or not. I suppose a more complicated system could be set up where the users would specify which reply address they wanted to use, or where replying to a certain address would always allocate the same reply-id. Any suggestions?
On Sat, 9 Apr 1994, Matthew J Ghio wrote:
Ryan A. Perkins wrote:
An encrypted reply address is created for the sender of the anonymous message.
What happens if I already have an encrypted reply address? What happens if I already have SIX encrypted reply addresses? Which one is used? Or is *another* one created?
Another one is created, since no records are kept of what addresses you already have.
I am somewhat unsure of what to do in this situation. As I have it set up now, it will always create the same address for replies (but you can still get as many different ones as you like from mg5n+getid@andrew...) so if you send two messages to mg5n+anxxx... addresses, they will both have the same reply address. I could change this and have it create different ones each time, which would preserve anonymnity better, but this could lead to confusion when replying to messages, because it'd be difficult to tell if two messages came from the same person or not. I suppose a more complicated system could be set up where the users would specify which reply address they wanted to use, or where replying to a certain address would always allocate the same reply-id. Any suggestions?
How about generating a secure hash and using that as an index into a table? If there's an address already there, use that - otherwise, generate one. Generate the hash from the incoming address, of course. That way, you don't need to keep track of anon-id-to-real-id mappings, yet guarantee that each user has one and only one anon address. Of course, folks coming in from different hosts will have different anon ID's. Or have I missed some blindingly obvious technical point thaqt would make this impossible?
Ed Carp <ecarp@netcom.com> wrote:
How about generating a secure hash and using that as an index into a table? If there's an address already there, use that - otherwise, generate one.
Generate the hash from the incoming address, of course. That way, you don't need to keep track of anon-id-to-real-id mappings, yet guarantee that each user has one and only one anon address. Of course, folks coming in from different hosts will have different anon ID's.
Or have I missed some blindingly obvious technical point thaqt would make this impossible?
I don't see how this would prevent me from having to keep track of anon-id-to-real-id mappings. It could work for sending mail, but I'd still have to have some way of keeping track of the real ids for the replies.
On Sun, 10 Apr 1994, Matthew J Ghio wrote:
Ed Carp <ecarp@netcom.com> wrote:
How about generating a secure hash and using that as an index into a table? If there's an address already there, use that - otherwise, generate one.
Generate the hash from the incoming address, of course. That way, you don't need to keep track of anon-id-to-real-id mappings, yet guarantee that each user has one and only one anon address. Of course, folks coming in from different hosts will have different anon ID's.
Or have I missed some blindingly obvious technical point thaqt would make this impossible?
I don't see how this would prevent me from having to keep track of anon-id-to-real-id mappings. It could work for sending mail, but I'd still have to have some way of keeping track of the real ids for the replies.
Ah, yes, I *knew* I had missed something obvious... Thanks.
participants (3)
-
Ed Carp -
Matthew J Ghio -
ub075ļ¼ freenet.victoria.bc.ca