A novel (?) return address idea
Joe Thomas
jthomas at mango.mitre.org
Tue Mar 2 11:59:50 PST 1993
From: gnu at toad.com (John Gilmore):
>There seems to me to be a serious problem with the "novel return
>address" idea. The information that ties together multiple
>anonymous messages from the same person is out in the world,
>encrypted by a single key in a conventional cipher.
[attack methods deleted]
>The idea also suffers from the dossier problem -- all the
>information about return addresses will exist in a single place (at
>the remailer site) where it's tempting for a government (or other
>adversary of privacy) to try for it.
>Keep thinking, folks! We aren't there yet...
Quite true. I guess I never really made it clear that I don't
believe this return address method is very secure, just better than
the current version available through anon.penet.fi. Certainly it's
no reason to abandon the work on SASE's for cypherpunk remailers.
My idea was just to make it difficult to associate different messages
from the same anon user, while keeping anon.penet.fi's current
framework. Now all messages from the same user bear the same return
address (e.g. an1234). If you reveal your identity in one anonymized
message, all of your past messages can be easily linked with you.
Under the new scheme, associating two messages from the same sender
would require breaking the remailer's cipher. Yes, it's possible,
but it's not trivial.
It's also possible to limit the damage done when a single key is
compromised. Change keys periodically (weekly? daily?) and include a
few bits at the front of the return address that will let the
remailer know which key to decrypt the rest with.
The dossier problem is a real one, of course. If Julf or his machine
is compromised, all the aliases could be revealed. But that's true
now, as well.
Joe
More information about the cypherpunks-legacy
mailing list