New anon mailer idea?

Graham Toal gtoal at an-teallach.com
Mon Apr 11 16:18:19 PDT 1994


*** This message is not from the person in the headers above.
*** Reply to this message as normal, but be sure to include the
*** following three lines in the mail when you do:
*** Remailer-Reply-To: fdwgfjghfsdvkglhfslkjghfdkjhgkjfhgkfhg
*** 	ljdfhkjhgfkjhfgkvjhfklvgkfjhvbgjkfhgjkhfgfkjhgjkfhgjf
***	jkfdhkjfhgk;hfdgklhfdlgfldjkglkjfhg;hfgkjhfhgfghfkdhg
*** Your reply mail will be anonymised.

:From: Matthew J Ghio <mg5n+ at andrew.cmu.edu>

:> How about generating a secure hash and using that as an index
:> into a table?  If there's an address already there, use that -
:> otherwise, generate one.
:> 
:> Generate the hash from the incoming address, of course.  That way,
:> you  don't need to keep track of anon-id-to-real-id mappings, yet
:> guarantee that each user has one and only one anon address. Of
:> course, folks coming in from different hosts will have different
:> anon ID's.
:> 
:> Or have I missed some blindingly obvious technical point thaqt
:> would make this impossible?

:I don't see how this would prevent me from having to keep track of
:anon-id-to-real-id mappings.  It could work for sending mail, but I'd
:still have to have some way of keeping track of the real ids for the
:replies.

Excuse me butting in to a discussion I haven't really been following (I
don't have a lot of interest in remailers); I'm wondering if everyone
is missing some terribly obvious point here.

Without knowing too much about how the current anon/remail stuff works,
tell me what you think of this way of doing things (apologies if it's
what someone already does or has been discussed recently).

I want to mail fred at somesite anonymously.  I know fred at somesite's
public key.  I encrypt my message for fred, then send it to a
remailer address with instructions to pass it on to fred.  For a little
eavesdropping security, I include an anonymous pgp key of mine
in the mail to fred so that he can reply to me without the remailer
operators reading his mail.  You can choose your favourite syntax
for how I ask the remailer to send this mail to fred - I don't care
what it is.


The remailer then encrypts *my reply mail address* with the remailers own
key, and inserts this as a header in the mail which only it can read.
It attaches a little message to this header saying 'when you reply to
this message, be sure to include this opaque header I'm giving
you here...'

The recipient gets the mail, decodes it, reads it, and replies.
(Maybe encrypted with an anonymous public key I included in the
mail, maybe in cleartext - doesn't matter for the scheme) When
he replies, he included the small encrypted block that the remailer
gave him at the top of his message, as he was asked to do by the
remailer.

The reply goes to the anonymous remailer.  The anonymous remailer
decrypts the header block that it searches the mail for, and
extracts my email address from it again.  The remailer then passes
the mail back to me - this time including an encrypted block with
the fred at somesite's address in it.  (Or some other address if
fred replied from another account; or perhaps I mailed a mail
to news gateway - well, my encrypted address will still work
even if a dozen people reply to the news article by mailing
via the remailer, and now I *don't* know who the encrypted
sender is)

In this way, once a conversation has been established, replies
can keep going backwards and forwards without much fancy protocol
at all - all you ever do is remember not to delete the encrypted
block that the remailer keeps inserting at the top of your mail.

And with this scheme, the remailer does not need to remember the
addresses of either the initial poster or the recipient, and
hence can't divulge them if the machine is hacked.  So it gives
you a combination of the penet-style mailer with return address,
and the cypherpunk-style mailer of throw-away anonymity -- as
long as you trust the remailer operator not to cheat and log
stuff anyway.  Of course, you then extend the scheme by the
same mechanisms that the cpunk remailers already use - chaining
from one remailer to the next... if done properly, the return
addresses should chain too, transparently, and the whole scheme
will remain easy to use.

Clearly this scheme is succeptible to mass logging of comms links
followed by a bust to grab the remailer's secret key, but that's
about par for the current remailers anyway.  This scheme is no
worse, and possibly quite a bit better.

So, have I just stated the obvious or is this a new idea to anyone?

Regards

G
PS Note this scheme doesn't need Matthew's hack for "+" in
usernames, which not everyone wanting to run a remailer in
say a private account on netcom etc would be able to install...
PPS I thought for fun I'd put a header of the kind I'm
talking about on this mail.  Anyone replying should note
it really *will* go to me, and you *won't* be anonymized ;-)






More information about the cypherpunks-legacy mailing list