-----BEGIN PGP SIGNED MESSAGE----- People asked in earlier in this thread how remailers could issue digital postage stamps without being able to know who is using which stamp issued. One obvious approach is to use blind signatures. Rather than issuing a stamp to the user who requests/purchases it, the user could send an unsigned stamp, encrypted in an RSA envelope, to the remailer. The remailer would then blind-sign the envelope and return it to the user. The user then decrypts the envelope and has a stamp ready for use. At the time of use, the remailer checks the signature. If it is valid, it checks to see if the stamp has been used before. If so, it forwards the message to /dev/null; if not, it records the stamp (or perhaps a hash of the stamp) in its database. How does the remailer know that it is signing a stamp rather than (say) money orders, or a confession of sending kiddy porn over the net? The textbook answer is to use a cut-and-choose protocol -- which requires some subsequent communication with the user. But I'm not convinced that this is necessary. If the remailer's postage key is used only for postage and known to be used only for postage, then tricking it into signing something else would have the same significance as "signing" a paper check with the Pitney-Bowes postage meter. I'm assuming that the postage stamp would look something like: - -----BEGIN POSTAGE STAMP----- Kibo's remailer <remailer@happy.net> 3FA610092DB3FE12554AE98F66705601 - -----END POSTAGE STAMP----- where the random bits are generated by the user prior to submission to the remailer. (Actually its appearance would be implementation-dependent, of course.) This is all cryptology 101, of course, but hey, it's a start. - -- Alan Bostick | He played the king as if afraid someone else Seeking opportunity to | would play the ace. develop multimedia content. | John Mason Brown, drama critic Finger abostick@netcom.com for more info and PGP public key -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQB1AwUBMQPF+uVevBgtmhnpAQEgAQL/aYgGUvvW4jTLSnqxheid006I85sUdk2H l4GxtjW7obMI8rZ0c4kEYsXHnbDyFaREOpSjhSDzeqV2pkogesea0j/xXRqM7UQ3 hG5NBc56Nhr78+hqIOuyo3t6RaRjXi75 =qYXn -----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE----- In article <v02120d02ad1ce02500bc@[192.0.2.1]>, shamrock@netcom.com (Lucky Green) wrote:

I am not sure that postage would solve this problem. The geeks would individually pay for it. Still, nominal postage would solve a lot of the problems that plague remailnet.

Maybe I'm misunderstanding how using digital postage with remailers would work. I was assuming that the postage stamp would be included *inside* the encrypted envelope, that what the remailer would do on receipt of mail would be: (a) decrypt the envelope; (b) validate the postage stamp; and (if the stamp is valid) (c) forward the message according to the now-decryped instructions. Using this model, if the perpetrator doesn't include a postage stamp, then the message is ignored. If the perp includes a stamp, the first horny net geek's message is relayed but subsequent ones get bounced for invalid postage. If the message requires external postage (remailer processing cycle is process postage *before* decrypting envelope), then at the very least the horny net geeks have to get their own postage stamps, putting a step in the way of instant gratification. What's more, doing this would require *some* understanding of how the remailer network operates. One should never underestimate the degree of cluelessness present on the net, but knowing how to use remailers makes it more likely that somebody could recognize this as a mailbomb rather than a legitimate offer. What's more, even external postage works to block this attack used with a chain of remailers, because the second remailer's stamp would have to be provided by the perpetrator, inside the encrypted envelope sent to the first one. The very nature of this attack makes me wonder whether it would be worthwhile to implement a digital postage scheme for remailers that doesn't happen to be backed by real money. The remailers would continue to be free to use, and currency exchange hassles would be avoided, but many of the benefits of abuse prevention would be in place. So would the infrastructure to upgrade to pay-to-play remailers at a later date. - -- Alan Bostick | He played the king as if afraid someone else Seeking opportunity to | would play the ace. develop multimedia content. | John Mason Brown, drama critic Finger abostick@netcom.com for more info and PGP public key -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQB1AwUBMPfnweVevBgtmhnpAQH1egMAk1MK45EQGYPseEjBLQfXTW9Wxl2OGHpg 2JoVjs/9N8PMElcwTCRSpKvP9aZQ3UgEqDhDkcTe7z+W20VmcXOxZalj71t/NjeV vHqpa3rJ7vF0VcPl2OhKvZz1pBW1oia4 =6zkD -----END PGP SIGNATURE-----