anonymous return addresses

Marc.Ringuette at GS80.SP.CS.CMU.EDU Marc.Ringuette at GS80.SP.CS.CMU.EDU
Tue Feb 23 10:56:17 PST 1993

The recent penet troubles are a reminder that secure anonymous return
addresses are a lot harder than secure anonymous mail with no return
capability.  Maybe it's time to go over the options available to us
for anonymous return?

  1. Remailer memorizes a pseudonym.  I don't like this, mainly because
     it leaves the remailer operator vulnerable to pressure to reveal
     the correspondence between real and anonymous id's.  It
     also opens up about a million possible security holes, as
     we've noticed.

  2. The anonymous message includes a cryptographic "stamped
     self-addressed envelope" which contains a layered list of
     remailer addresses encrypted at each layer.  This requires
     modified behavior of remailers; they must be willing to "unwrap"
     an address-list separately from the message body, and then
     "wrap" the entire message with the destination's public key,
     in order to disguise the correspondence between input and output.
     I think this has been discussed here before.  Has anyone
     implemented it?
        I strongly suggest that this method be implemented in
     the cypherpunks remailers.  Let's call it the SASE feature.
     What do you think?

  3. The reply to an anonymous message can be posted in a public place
     encrypted for a key known only to the sender.

Have I missed any important methods?

-- Marc Ringuette (mnr at

More information about the cypherpunks-legacy mailing list