Re: Anonymity: A Modest Proposal
At 9:42 AM 10/18/95, Hal wrote:
> I think a remailer which forged headers would get people even angrier than one which was up front about what it was doing. Forging headers is really considered antisocial by a lot of people on the net. If you could do it safely, you wouldn't need remailers. Since you need them, it's not safe, hence the message will probably get traced back to the remailer. This is prima facie evidence to get an account yanked at a lot of places.

Of course. The problem is that protocols as implemented permit header-forging: it's a practical fact of the net, and one that maybe shouldn't be overlooked on (basically vague) 'moral' grounds, any more than Netscape should say, "Well, you just _shouldn't_ screw someone with a foo.foo.foo.foo... URL." Of course people shouldn't overflow your stack intentionally--but they _can_, and the implications of that fact are shaping the net as we speak. If the headers were forged in such a way as to falsely and _credibly_ attribute a transmission to an actual uninvolved third-party, that's one thing; but the existence of headers that are forged so incompetently as to be traceable to their actual origin suggests that forged headers might be worth meditating on. For example, what if two or three dozen independently maintained Mixmasters in three or four countries randomly forged headers (maybe even actually badly, or maybe craftily "badly") so as to make the last link in a chain look like one (or "one") of the other remailers; how would the Co$ cope with that? Anyway, you get the drift.

Ted
On Wed, 18 Oct 1995, t byfield wrote:
> At 9:42 AM 10/18/95, Hal wrote:
> Of course. The problem is that protocols as implemented permit header-forging: it's a practical fact of the net, and one that maybe shouldn't be overlooked on (basically vague) 'moral' grounds, any more than

The courts can't overlook it either. There goes liability. If I posted pirated software from this account, according to what you're saying, I could claim a forgery and show reasonable doubt.
On Oct 18, 4:15pm, s1018954@aix2.uottawa.ca wrote:
> If I posted pirated software from this account, according to what you're saying, I could claim a forgery and show reasonable doubt.

Without an author-certification mechanism in place, you can always claim forgery. In this case, to show reasonable doubt you would probably have to prove that someone else would have a motive for forging it in the first place.

This is one place where the importance of digital signatures can be very strong. *If* we were all wonderful little cypher-junkies and signed everything, then we might plausibly be able to deny forged mail: "I sign everything I ever send, it's hardcoded into my mailer, that didn't come from me..." As it is, in most cases we run on trust, except where we're deliberately trying to make certain that matters are not modified or we're trying to make things a matter of record. [Checksums of binaries, for example, or press releases on controversial topics.]

I'm looking forward to the point where my mail reader will sort things according to reputations I give correspondents, and perhaps flag mail which deviates from the norm for each correspondent. [e.g., if Tim May signs something, it's probably pretty severe. If a pgp-fanatic doesn't, something might be up...]

I'm also looking forward to the point where I can be on a mailing list where folks look at the first line of my .sig and say, "this is being written by an individual" and I don't have to worry about them thinking I speak for organisations. [Which one would I be speaking for? Shad Valley 1992?]

richard
--
Richard Martin
Alias|Wavefront - Toronto Office [Co-op Software Developer, Games Team]
rmartin@aw.sgi.com/g4frodo@cdf.toronto.edu
http://www.io.org/~samwise
Trinity College UofT ChemPhysCompSci 9T7+PEY=9T8
Shad Valley Waterloo 1992
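
Added example, not part of Richard Martin's post or of any mailer from the thread: a sketch of the per-correspondent check he describes, flagging mail whose signing habit deviates from that sender's norm. The thresholds, function names and sample messages are assumptions, and the marker test stands in for real signature verification.

```python
"""Flag mail whose signing habit deviates from a correspondent's norm."""
from collections import defaultdict
from email import message_from_string
from email.utils import parseaddr

PGP_MARKER = "-----BEGIN PGP SIGNED MESSAGE-----"
MIN_HISTORY = 5      # assumed: messages needed before a norm exists
HABIT = 0.9          # assumed: share of mail that defines a habit


def looks_signed(body: str) -> bool:
    # Marker check only. A real reader must verify the signature against
    # the sender's key, because a forger can paste this marker too.
    return body.lstrip().startswith(PGP_MARKER)


def flag_deviations(raw_messages):
    """Return (sender, subject, reason) for mail that breaks a sender's norm."""
    history = defaultdict(lambda: [0, 0])   # sender -> [signed, total]
    flagged = []
    for raw in raw_messages:
        msg = message_from_string(raw)
        sender = parseaddr(msg.get("From", ""))[1].lower()
        signed = looks_signed(msg.get_payload())
        n_signed, total = history[sender]
        reason = None
        if total >= MIN_HISTORY:
            rate = n_signed / total
            if rate >= HABIT and not signed:
                reason = "unsigned mail from habitual signer"
            elif rate <= 1 - HABIT and signed:
                reason = "signed mail from habitual non-signer"
        if reason:
            flagged.append((sender, msg.get("Subject", ""), reason))
        else:
            # Only mail that fits the norm updates it, so a forgery
            # cannot drag the baseline toward itself.
            history[sender][0] += signed
            history[sender][1] += 1
    return flagged


def _mail(sender, subject, signed):   # constructed sample message
    body = (PGP_MARKER + "\n\nhello\n") if signed else "hello\n"
    return f"From: {sender}\nSubject: {subject}\n\n{body}"


SAMPLE = (
    [_mail("Alice <alice@example.org>", f"note {i}", True) for i in range(5)]
    + [_mail("bob@example.org", f"memo {i}", False) for i in range(5)]
    + [_mail("alice@example.org", "urgent", False),
       _mail("bob@example.org", "policy", True)]
)
```

Calling `flag_deviations(SAMPLE)` flags only the last two constructed messages; a flag means "look closer", since the From header that keys the baseline is itself the forgeable field the thread is arguing about.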