At 7:26 PM 9/10/96 -0700, Lance Cottrell wrote:

It is a good idea, but it does involve another whole level of infrastructure. I am not at all sure that message pools are not a better system. Your suggestion requires The client to do a lot of work, and for the remailers to store many keys for indefinite periods.

You certainly know the details of Mixmaster remailers better than I do. In a last defense, while the protocol requires Alice's program to do a lot of work, it still could be fairly easy for Alice herself to use. In addition, the remailer could set a definite limit to the lifetime of the keys, since Alice is also setting such a limit. If Alice specifies their lifetime when she sends them, then the path would automatically dissolve without action on her part. Let me float one more hair-brained idea. I think Tim May is right in saying that the most secure response technique is the one in Blacknet. i.e. The response are posted to some public bulletin board, and then Alice reads them at her leisure. I see two problems with this approach: (1) It doesn't scale well, and (2) Alice's reading of the response may be detected. (I think of the vans in Great Britain which listen to the local oscillator frequency of TV sets to find what people are watching.) Perhaps both of these problems could be solved by something like a stock photo service which uses digital watermarks to discourage copyright infringement. Since it is using digital watermarks, each copy of a particular photo would be different, providing the opportunity to stego an encrypted message in the photo. If Alice regularly spent $.05 of Ecash for a new desktop background photo, it would be hard to determine which had stegoed messages. The service might even make money on just the above-board sales. ------------------------------------------------------------------------- Bill Frantz | "Lone Star" - My personal | Periwinkle -- Consulting (408)356-8506 | choice for best movie of | 16345 Englewood Ave. frantz@netcom.com | 1996 | Los Gatos, CA 95032, USA