From yanek@novavax.nova.edu Wed Nov 25 18:20:16 1992 There always remains the issue of trust. How can I know that your system has not been compromised, and is logging all in/out messages, and forwarding them to FBI. This could be happening even without you knowing, for example if "they" tap your network connection.

Absolutely. This is a problem with any system that involves forwarding. For instance the currently proposed scheme advocates encrypting the address to be forwarded too, the remailer server still could have its mail tapped and the same correlation made. Of course my system seems much weaker in the sense that if the server is compromised the database is there for all to see. Of course the other system is just as weak in that if its server is compromised then someone can get the secret key that decrypts the addresses using the pass key from the automated software that does the decryption My objective was not to provide a high grade of anonymity, rather to enhance the functionality provided by existing anonymous services with privacy enhanced mail. Specifically to avoid sysadmins reading your anonymous replies which are often unsolicited and somewhat dubious or compromising. I think it achieves the objective but is clearly not going to sustain a concerted attack on the server by a knowledgeable assailant like the NSA or FBI or their equivalents in this country. To my knowledge, being very naive when it comes to encryption, the provision of anonymity which does not depend on a particular site to do the remailing (and is hence vulnerable as described) is much less straightforward, not to mention inconvenient. Perhaps I am overlooking something obvious to someone more knowledgeable. david