Self Addressed Stamped Envelopes

Eric Messick eric at
Tue Dec 29 14:06:03 PST 1992

||ugh and I were talking (over an unsecure phone line :-) last night
and came up with an interesting idea.

The problem:  anonymous replies.

Under the current system, the solution is simple:  create an
`envelope' which implements a path back to you.  You include this
envelope with your outgoing message, and the respondant places the
envelope at the front of any messages to be sent back to you.  The
envelope is a nested encrypted set of Anon-To: lines that remailers
strip off as the message is routed back to you.

This system has at least two weaknesses for future use, however.  The
most serious is that the body of the reply is not altered by the
remailers, allowing the message to be more easily traced.  The second
is that there is no provision for remailers to charge for the service.
If postage is included in the envelope itself, it becomes a single use
device; it is useless for posting to a newsgroup, for example.

Both of these problems can be solved by having each remailer forward
the message *with*postage*due*.  What that means is that the remailer
encrypts the message before sending it on, and saves the key used in
an account file along with a message id and the amount due.  The body
is thus altered on each hop, complicating the process of tracing the
message.  You also are unable to read the message until you have paid
the postage on it, which you do by sending a message to yourself via a
similar envelope.  That message contains stamps which get removed at
each step by the remailers, and replaced with the necessary key for
reading the mail.  When you recieve the second message back, you have
the necessary info to read the first, and have paid for its delivery.

A variation would allow the respondant to include the necessary
postage (you need to specify how much, thus compromising at least the
hop count of your route).  To keep each remailer's postage seperate,
key pairs could be generated, with the public portion kept outside the
envelope, and the secret portion sealed within the envelope, openable
only by a single remailer.  The postage would be wrapped up in
successive keys as specified on the outside of the envelope.  The
envelope would then specify the keys to be used by each remailer to
transform the body.

All of this requires defining a message as containing an envelope and
a contents.  The envelope must be able to specify how the contents are
to be encrypted at each hop. Perhaps the envelope could be placed in
the header of the message as a single field.

Details still need to be worked out.  Comments?

-- eric messick
eric at

More information about the cypherpunks-legacy mailing list