Anonymous return addresses

nobody at alumni.cco.caltech.edu nobody at alumni.cco.caltech.edu
Fri Nov 13 11:34:22 PST 1992


Here is an example of how to use the cryptographic remailer at
<hal at alumni.caltech.edu> to implement an anonymous return address.
Note: this material is a little complicated, but if you will take it a
step at a time you will see that there's not really that much to it.


Suppose I want to receive mail at my address of 74076.1041 at compuserve.com,
but I don't want that address to be known.

First, I create a file with the following contents.  Call it t1:


---------------------- cut here -----------------------
::
Request-Remailing-To: 74076.1041 at compuserve.com

---------------------- cut here -----------------------

This is the same as what you would normally put at the front of a
message to use the remailer.  Note that the last line of the file is
blank.

Now, I encrypt that file, using PGP, with the public key of the
remailer (the key is at the end of this message).  I use the command,
"pgp -ea t1 alumni".  I say "alumni" as a shorthand for the address of
the remailer on the keyring.  This creates a file, t1.asc, which looks
like:

---------------------- cut here -----------------------
-----BEGIN PGP MESSAGE-----
Version: 2.01

hEwCG6rHcT8LtDcBAf0YbKADFELfaRay6LFviabwpICAAGMV1Pff8meY3ND5o7hu
jNy9hQv2bIMM9IyUCF2LFpgamxmMlSwpGQIVbJLEpgAAAEzDG0ddg2oBmjQFzB4c
E0d/k7uE8KgxtCg6Sc+l639LN18sv4UWpq0nnyGRTUGEjL9JqtYZOSlTsiSAFU2c
4RoHslyk51suvGokhod0
=XSHb
-----END PGP MESSAGE-----

---------------------- cut here -----------------------

Now, I edit the file by adding lines saying "::", and "Encrypted: PGP",
and a blank line, to the beginning (and I delete the blank line at the
end of the file), giving:

---------------------- cut here -----------------------
::
Encrypted: PGP

-----BEGIN PGP MESSAGE-----
Version: 2.01

hEwCG6rHcT8LtDcBAf0YbKADFELfaRay6LFviabwpICAAGMV1Pff8meY3ND5o7hu
jNy9hQv2bIMM9IyUCF2LFpgamxmMlSwpGQIVbJLEpgAAAEzDG0ddg2oBmjQFzB4c
E0d/k7uE8KgxtCg6Sc+l639LN18sv4UWpq0nnyGRTUGEjL9JqtYZOSlTsiSAFU2c
4RoHslyk51suvGokhod0
=XSHb
-----END PGP MESSAGE-----
---------------------- cut here -----------------------


The content of this file is my anonymous return address.

To use it, I make my posting, anonymously, and I say something like:

"Anonymous return address: mail to hal at alumni.caltech.edu, with your
(possibly encrypted) message preceded by:"

and I put in the contents of my anonymous return address file, above.

So, to use this anonymous return address, suppose someone wants to
send me this message:

---------------------- cut here -----------------------
Hello, I am responding to your anonymous post on cypherpunks.
I would like to know more about your anonymous habits.
Please post some more.
---------------------- cut here -----------------------

All they need to do is to put the anonymous return address at the
beginning, giving:

---------------------- cut here -----------------------
::
Encrypted: PGP

-----BEGIN PGP MESSAGE-----
Version: 2.01

hEwCG6rHcT8LtDcBAf0YbKADFELfaRay6LFviabwpICAAGMV1Pff8meY3ND5o7hu
jNy9hQv2bIMM9IyUCF2LFpgamxmMlSwpGQIVbJLEpgAAAEzDG0ddg2oBmjQFzB4c
E0d/k7uE8KgxtCg6Sc+l639LN18sv4UWpq0nnyGRTUGEjL9JqtYZOSlTsiSAFU2c
4RoHslyk51suvGokhod0
=XSHb
-----END PGP MESSAGE-----
Hello, I am responding to your anonymous post on cypherpunks.
I would like to know more about your anonymous habits.
Please post some more.
---------------------- cut here -----------------------

They would then send this to hal at alumni.caltech.edu.  The remailer
would decrypt the PGP block, finding the "Request-Remailing-To" line,
and then send it on to me.

If I had posted a PGP public key along with my anonymous return
address, they could have encrypted their message text as well, and put
the A.R.A. in front of it.  The resulting message would have looked
something like:

---------------------- cut here -----------------------
::
Encrypted: PGP

-----BEGIN PGP MESSAGE-----
Version: 2.01

hEwCG6rHcT8LtDcBAf0YbKADFELfaRay6LFviabwpICAAGMV1Pff8meY3ND5o7hu
jNy9hQv2bIMM9IyUCF2LFpgamxmMlSwpGQIVbJLEpgAAAEzDG0ddg2oBmjQFzB4c
E0d/k7uE8KgxtCg6Sc+l639LN18sv4UWpq0nnyGRTUGEjL9JqtYZOSlTsiSAFU2c
4RoHslyk51suvGokhod0
=XSHb
-----END PGP MESSAGE-----
-----BEGIN PGP MESSAGE-----
Version: 2.01

hIwCqBMDr1ghTDcBA/sGAyloGGHX/CBNRFOkov8RGNxNw/HqehwZ3yT5r0n45qAt
AKmETej9GyJVFLZ5Oom7cqFN6+ARaZpp4LFqaxGF7phxC6l9HEPh2zI7w2G1/Df6
pMIwJJ7G+0vk7qBKoctmanNkYVTIb/bKAxJAbK6mUfcXPdRjyUaT/vf2X9RocKYA
AAB/sjDjuW2cSN7o3HOKvQ4s+CyqshOGWe7xLRIfSBVyL2PXFOJKx7QMVdRyzDwC
HO62PhXswqTlgxqIod0EXDzfEA8kI4Oz2gp45AMy8ElT1nV1jEKjCGC6HWGDU/P5
ZCTPgzOgmLetDNi5Yf8cPDMTHQ3Dcl7vDyNhpMD4+fdFog==
=8FPE
-----END PGP MESSAGE-----
---------------------- cut here -----------------------

The first PGP message is my anonymous return address, and the 2nd
PGP message (which the remailer won't try to decrypt) is the encrypted
message for me.

If more people will implement cryptographic remailers, you will be
able to create more secure ARA's which are "nested" so that they go
through two or more remailers, and no one remailer will see the
correspondence between your ARA and your real address.

How might you use an ARA?  You could create a pseudonym, and a public
key corresponding to it.  You could post anonymously, using our
current remailers, to this list or another list.  You could sign your
messages using the public key of your pseudonym, so no one else could
pretend to be you.  And you could put an ARA into your messages so
people could reply to you.  They could reply anonymously if they
wanted to, and could supply you with an ARA of their own.  People
could communicate freely under their online net identities, with
cryptographic protection of their True Names, a la Vernor Vinge.

Hal

P.S. Here again is the public key of the remailer at
<hal at alumni.caltech.edu>.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.01

mQBNAisCtU0AAAEB/jNOYzN1B2YzOxlK/Zb6axoOaGlPq5I7DV9GH3hcGRN5N6Fi
T4sRLhi53Sc5rUdYDa8mFQd4tqvFG6rHcT8LtDcABRG0KlJlbWFpbGluZyBTZXJ2
aWNlIDxoYWxAYWx1bW5pLmNhbHRlY2guZWR1Pg==
=K00H
-----END PGP PUBLIC KEY BLOCK-----






More information about the cypherpunks-legacy mailing list