Re: Blocking addresses by default

Mark M. wrote:

> With remailer abuse becoming more popular and remailers going down because of complaints, there seems to be some interest in remailer software that will block all email by default and will only pass along email that is explicitly unblocked.

I think this threatens serious security problems for the remailer network in two ways:

1. You'd create a list of people interested in anonymous information, which could potentially be obtained by police or other armed thugs.

2. The traffic would go down so substantially that traffic analysis would be trivial.

As a counterproposal, I'd like to see better disclaimers on remailed messages. The reason the people complaining are so pissed off is that the blocklists are neither advertised nor automated enough. I'd like to see disclaimers and block list instructions at the top of the body of every single message. This would be encapsulated in some mark characters so that it could easily be removed by remailer chains. E.g.,

    To: remailer@erehwon.com
    Request-Remailing-To: remailer@nowhere.com

    [message]

remailer@erehwon.com prepends the following to the message before it is sent along:

    $$
    This message was sent through the anonymous remailer network. Neither the operator of this remailer, remailer-op@erewhon.com, nor the postmaster at this site has any way of determining the source or filtering the content of remailer messages. No logs are kept. If you do not wish to receive such anonymous messages from any link in the remailer network, send an email message to remailer-operators@c2.net with subject line "block." For more information on the remailer network, see [Raph's list] or send email to help@[?].
    $$

remailer@nowhere.com looks for "$$" as the first line of the message, and strips everything up to the next occurrence of "$$". It then appends its own disclaimer block before sending the message to the hop (remailer or final destination).

A bit annoying, yes, but I think this would go a long way towards improving public relations. I don't see how it compromises security.

What's wrong with this scheme? Other than the fact that all remailers would have to change their software at the exact same moment. :-)

[By the way, someone told me that the Chardos remailer doesn't include Complain-To or block-list instructions anywhere, not even in X-Headers. Is this true? I think that would be bad. [tm]]

-rich

---
[This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.]

On Thu, 7 Nov 1996 15:25:07 -0500, Rich Graves wrote:

> remailer@nowhere.com looks for "$$" as the first line of the message, and strips everything up to the next occurrence of "$$". It then appends its own disclaimer block before sending the message to the hop (remailer or final destination).
>
> A bit annoying, yes, but I think this would go a long way towards improving public relations. I don't see how it compromises security.

Neither do I. I think it should use something like a line of dashes, or maybe a C comment, though, rather than $$, to make it look 'prettier' for the eventual recipient, and clarify that it's not part of the original message.

> What's wrong with this scheme? Other than the fact that all remailers would have to change their software at the exact same moment. :-)

This is not true, of course. Implement it in two stages. First recognise and strip the disclaimer, but don't prepend one, then, when all remailers are doing this, start prepending information.

--
Paul Foley <mycroft@actrix.gen.nz> --- PGPmail preferred
PGP key ID 0x1CA3386D available from keyservers
fingerprint = 4A 76 83 D8 99 BC ED 33 C5 02 81 C9 BF 7A 91 E8
----------------------------------------------------------------------
I must have slipped a disk -- my pack hurts
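The strip-then-prepend handling from Rich Graves's message and the two-stage rollout from Paul Foley's reply, as an added Python example (not code from any remailer or from the posters). The function names and the `stage` parameter are assumptions; the disclaimer is placed at the top of the body, as in the erehwon example.

```python
MARK = "$$"  # delimiter proposed in the thread


def strip_disclaimer(body: str) -> str:
    """Remove a leading $$ ... $$ block; return the body unchanged if there is none."""
    lines = body.split("\n")
    # The marker must be the very first line, as the proposal states.
    if lines[0].rstrip("\r") != MARK:
        return body
    for i in range(1, len(lines)):
        if lines[i].rstrip("\r") == MARK:
            return "\n".join(lines[i + 1:])
    # Opening marker but no closing one: keep the message rather than
    # discarding everything after the first line.
    return body


def add_disclaimer(body: str, text: str) -> str:
    """Put this hop's disclaimer, wrapped in markers, at the top of the body."""
    return f"{MARK}\n{text.strip()}\n{MARK}\n{body}"


def process_hop(body: str, disclaimer: str, stage: int) -> str:
    """stage 1: recognise and strip only. stage 2: strip, then add our own."""
    stripped = strip_disclaimer(body)
    if stage == 1:
        return stripped
    return add_disclaimer(stripped, disclaimer)


def relay(body: str, hops) -> str:
    """Pass a body through a chain; hops is a list of (disclaimer, stage)."""
    for disclaimer, stage in hops:
        body = process_hop(body, disclaimer, stage)
    return body


if __name__ == "__main__":
    msg = "hello\n"  # constructed sample body
    # Every hop at stage 2: only the last hop's disclaimer reaches the recipient.
    print(relay(msg, [("operator A notice", 2), ("operator B notice", 2)]))
    # Mixed rollout: a stage-1 hop removes the block added by a stage-2 hop.
    print(repr(relay(msg, [("operator A notice", 2), ("operator B notice", 1)])))
    # The marker is in-band: sender text that opens with its own $$ ... $$
    # block cannot be told apart from a disclaimer and is removed as well.
    print(repr(strip_disclaimer("$$\nsender text\n$$\nrest")))
```
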

On Thu, 7 Nov 1996, Rich Graves wrote:

> I think this threatens serious security problems for the remailer network in two ways:
>
> 1. You'd create a list of people interested in anonymous information, which could potentially be obtained by police or other armed thugs.

True. I wasn't proposing any centralized list or a complete alternative to the current way remailers are set up. Just an alternative for some people who don't have time to go through all the complaints. The only unblocked addresses could just be the addresses of other remailers. Others could be set up to only deliver mail to other remailers, mailing lists, and newsgroups.

> 2. The traffic would go down so substantially that traffic analysis would be trivial.

If every remailer adopted this system, then this would be true.

> As a counterproposal, I'd like to see better disclaimers on remailed messages. The reason the people complaining are so pissed off is that the blocklists are neither advertised nor automated enough. I'd like to see disclaimers and block list instructions at the top of the body of every single message. This would be encapsulated in some mark characters so that it could easily be removed by remailer chains. E.g.,

This is a good idea. I also like the idea of remailers forwarding some sort of notification to a first-time recipient where the recipient actually has to request that the mail be delivered. However, the storage requirement might be a little impractical for some remailers. If the disclaimers are really annoying, it would be easy enough to remove these disclaimers with a simple procmail recipe or some equivalent.

> What's wrong with this scheme? Other than the fact that all remailers would have to change their software at the exact same moment. :-)

The "cutmarks" option would allow backwards compatibility. Alternatively, the remailer might be able to determine whether the next hop is a "real" email address or another remailer. I believe this would be pretty easy with Mixmaster since a remailer can tell if it is the final hop or not.

Mark
participants (3): Mark M., Paul Foley, Rich Graves