Non-anonymous remailers
Recently a new technology has been proposed: non-anonymous remailers. A non-anonymous remailer separates the two traditional functions of the remailer network: anonymity and avoiding traffic analysis. Because the network provides both of these features, some people may not be aware that they are distinct.
Anonymity means that no one can tell who sent a message. Neither the recipient, the remailers, nor an eavesdropper can know the source of a message. Avoiding traffic analysis means making it impossible for the path a message takes through the network to be traced, either by the remailers or by third parties.
A non-anonymous remailer avoids traffic analysis but does not provide anonymity. The recipient can tell who the sender of a message is, but no one else can, neither the remailers nor eavesdroppers.
There are several ways to achieve this cryptographically. The general idea is that the sender of the message must sign it with a valid public key (one signed by a CA trusted by the remailer network). This signature is hidden from everyone but the recipient because the message is encrypted for the recipient. However, the sender can use variants of zero knowledge proofs to demonstrate that inside the encryption there is a signature which satisfies the requirements. The remailer net will only deliver a message to an end user if it is able to verify that the message, when decrypted, will be properly signed. This assures that the end user will be able to determine who sent the message, while no one else will.
Non-anonymous remailers would be suitable for cases where people do not want eavesdroppers to know with whom they are communicating, but where they don't need to be anonymous to their communication partners. A financial house's merger and acquisitions department, for example, would not want third parties to know with whom they are exchanging email. A surveillance target will want to hide the identities of his co-conspirators. An employee who is considering changing jobs will not want his employer to know that he is sending email to a competitor. Many similar examples exist.
Non-anonymous remailers would also have the advantage that they would be much less prone to abuse than anonymous remailers. Sending a harassing message or commercial spam through a non-anonymous remailer would be pointless. It might as well have been sent directly, since the remailer does not hide the sender's identity from the recipient.
In summary, non-anonymous remailers prevent traffic analysis without providing anonymity. This more limited functionality renders the remailer less vulnerable to abuse and misuse, while providing protection which will be adequate for many situations, and which may be especially appropriate for the business environment.
25BA1A9F5B9010DD8C752EDE887E9AF3 [Cantsin Protocol No
At 04:15 AM 5/15/98 +0200, some allegedly anonymous person wrote:
> Recently a new technology has been proposed: non-anonymous remailers.
Feh - anybody who wants non-anonymous remailers should include his name :-) On the other hand, perhaps the allegedly anonymous author didn't believe the purported name of the alleged proposer, or chose to phrase the proposal in the exculpatory passive voice.
> A non-anonymous remailer separates the two traditional functions of the remailer network: anonymity and avoiding traffic analysis. Because the network provides both of these features, some people may not be aware that they are distinct.
Good point.
> A non-anonymous remailer avoids traffic analysis but does not provide anonymity. The recipient can tell who the sender of a message is, but no one else can, neither the remailers nor eavesdroppers.
> There are several ways to achieve this cryptographically. The general idea is that the sender of the message must sign it with a valid public key (one signed by a CA trusted by the remailer network). This signature is hidden from everyone but the recipient because the message is encrypted for the recipient. However the sender can use variants of zero knowledge proofs to demonstrate that inside the encryption there is a signature which satisfies the requirements.
Overkill, and inadequate. Let's start with overkill:
- If you require all outgoing email to be encrypted, you don't have constructive knowledge that your system is being abused. Legally, that should be significant protection; rules about not being liable for things you don't know you did are much harder to change than rules about things you know.
- Posting a big sign requiring conformance with policies, backed up by occasional action against violators, helps establish your presumption of good character.
- Requiring all outgoing mail to be encrypted makes spamming much more difficult (today), though in the Great Cryptographic Future, when everybody has at least one easily-located public key, that's less effective - but even then it significantly increases the workload for the spammer (though Moore's Law makes that less relevant, and good Crypto APIs make development of spamware easy.) It doesn't stop harassers, but it does reduce spam.
- A few Supreme Court cases, such as Talley and McIntyre, protect the right to anonymous speech, including commercial, so the proposed law has a high bogosity index.
For inadequacy, there are a variety of problems:
- Zero-knowledge proofs can at most verify that there's an identifier in some defined format or from some accessible list of keys. They can't verify that the message really came from the homeless person who allegedly sent the mail, nor that the address, phone number, or email named can locate a real body. They also tend to need special forms for the data, which may not work for CA-format key signatures.
- ZKPs aren't very useful for identifying the insides of multiply-encrypted data - so they only give you one hop at a time, and only for cooperative remailers in cooperative jurisdictions.
- Protocols that provide information about the insides of an encrypted message are notoriously hard to make both secure and useful.
> Non-anonymous remailers would be suitable for cases where people do not want eavesdroppers to know with whom they are communicating, but where they don't need to be anonymous to their communication partners.
Distinctly true, though the easiest way to achieve that is to separate the two problems, providing solid privacy protection outside and letting the users sign the inside message if they want.
Thanks! Bill
Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
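
The layering the reply ends on (sender's signature inside, per-hop encryption outside), as an added Python sketch that is not code from either poster. It assumes Lamport one-time signatures and a toy SHA-256 keystream cipher as stand-ins for CA-certified keys and public-key encryption to each hop; the names rm-a, rm-b, alice and bob are constructed, and the zero-knowledge check from the proposal is not implemented.

```python
import hashlib, json, secrets

def H(b): return hashlib.sha256(b).digest()

# Lamport one-time signature: hash-based, stdlib only. One key pair signs ONE message.
def keygen():
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    return sk, [[H(a), H(b)] for a, b in sk]

def bits(msg):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(bits(msg))]
def verify(pk, msg, sig):
    return len(sig) == 256 and all(H(s) == pk[i][b] for s, (i, b) in zip(sig, enumerate(bits(msg))))

# Toy SHA-256 keystream cipher: stand-in (assumption) for encrypting to a hop's public key.
def crypt(key, nonce, data):
    stream = b"".join(H(key + nonce + i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(x ^ y for x, y in zip(data, stream))

def seal(key, obj):
    nonce = secrets.token_bytes(16)
    return nonce + crypt(key, nonce, json.dumps(obj).encode())
def peel(key, packet):  # what a hop (or the recipient) learns from its own layer
    return json.loads(crypt(key, packet[:16], packet[16:]))

def build(path, keys, recipient, sender, body, sk):
    # The signature binds sender, recipient and body, and lives only in the innermost layer.
    sig = sign(sk, f"{sender}>{recipient}:{body}".encode())
    packet = seal(keys[recipient], {"from": sender, "body": body, "sig": [s.hex() for s in sig]})
    nxt = recipient
    for hop in reversed(path):  # wrap outward, last remailer first
        packet, nxt = seal(keys[hop], {"next": nxt, "data": packet.hex()}), hop
    return nxt, packet

def demo():
    keys = {n: secrets.token_bytes(32) for n in ("rm-a", "rm-b", "bob")}  # constructed names
    sk, pk = keygen()
    hop, packet = build(["rm-a", "rm-b"], keys, "bob", "alice", "merger terms", sk)
    seen = []
    while hop != "bob":
        layer = peel(keys[hop], packet)
        seen.append((hop, layer["next"], sorted(layer)))  # fields visible to this remailer
        hop, packet = layer["next"], bytes.fromhex(layer["data"])
    m = peel(keys["bob"], packet)
    signed = f"{m['from']}>bob:{m['body']}".encode()
    return seen, m["from"], verify(pk, signed, [bytes.fromhex(s) for s in m["sig"]])
```

`demo()` returns what each remailer could read from its layer (only the next hop and an opaque blob) and the sender name and signature check as seen by the recipient.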