What is your policy on chaining to anon.penet.fi?
Hmmm, it would be bad to post to anon.penet.fi through a remailer, as the anon id assigned by penet would be associated with the remailer, _not_ with you. Therefore, people who responded to the message would actually be sending mail to the operator of the remailer that was the hop into penet. Not to mention the fact if the remailer account were also a personal account, and the operator was a client of penet, that his anon id could be compromised in this way (if he was foolish enough not to have a password). Therefore, it seems reasonable that remailers should refuse to mail into penet, unless and until a non-anonymous reply to anonymous mail facility becomes available there. To the penet knowledgeable: is my understanding correct? Scott Collins | "Few people realize what tremendous power there | is in one of these things." -- Willy Wonka ......................|................................................ BUSINESS. voice:408.862.0540 fax:974.6094 collins@newton.apple.com Apple Computer, Inc. 1 Infinite Loop, MS 301-2C Cupertino, CA 95014 ....................................................................... PERSONAL. voice/fax:408.257.1746 1024:669687 catalyst@netcom.com
Therefore, it seems reasonable that remailers should refuse to mail into penet, unless and until a non-anonymous reply to anonymous mail facility becomes available there.
There is already non-pseudonymizing reply available for pseudonymous mail. It periodically comes up on the list, and is periodically corrected. The irony of the situation is that the solution was invented on this list a few months ago. Solution: if you send to na12345@anon.penet.fi, then your mail won't be pseudonymized; if you send to an12345@anon.penet.fi, then your mail will be pseudonymized. an = anonymous na = not anonymous Eric
To the penet knowledgeable: is my understanding correct?
It depends on the remailer. Mine, for example, sends messages with a From: line of "eli-remailer@jarthur...", and some others do similar things. I believe this address already has a penet address. I have no problems with chaining from here to penet, though I suggest making it clear that 1) attempts to reply will result in an ugly bounce, and 2) the persona using the chained ID can be identified only by continuity of digital signature. IMHO, this is useful way of bumping the anonymity level up a notch over posting directly with penet -- an attacker needs both penet's lists and a bunch of sendmail logs. Others, including Julf, may feel differently, as this provides some degree of "hit-and-run anonymity". PGP 2 key by finger or e-mail Eli ebrandt@jarthur.claremont.edu
participants (3)
-
collins@newton.apple.com -
Eli Brandt -
hughes@ah.com