At 04:45 PM 2/15/97 -0600, Igor Chudov wrote:

Roy M. Silvernail wrote: ...

...

Or that the money wasn't there in the first place (absent a trusted signature system), or the key doesn't exist, or the wrong key is offered, or the sender put the same e-dollar on all 60000 mails sie sent and it's already been redeemed.

Well, if the trusted party performs the encryption by both recipient's public key and the "retrieval key", the problem that you mention can be avoided. Yeah. I as a spam artist send the "proof" message through the e-cash verification center with the Send To: field returning it to a mail exploder. Each receipient gets the same dollar. This assumes that the To: field is not hashed into the verification signature, and that the verification works like a glorified remailer. (cash added on a separate channel).