RemailerNet

Lance Cottrell lcottrell at popmail.ucsd.edu
Wed Aug 10 18:53:26 PDT 1994 

-----BEGIN PGP SIGNED MESSAGE-----

Quoth Jonathan Rochkind <jrochkin at cs.oberlin.edu>:
>Part of our disagreement/misunderstanding might be in differing      
>conceptions of the form the remailer net should take.
> 
>> There should be two anonymous IDs, one for sending, one for
>> receiving.
> 
>You seem to be talking about a Julf-style anon system, where the system
>knows who you really are. If the system is corrupt, if Julf were an 
>NSA agent, then the entire system is compromised and useless. 
>I like the cypherpunks remailer concept better, where each link in the chain
>only knows the next link in the chain, and security is achieved by
>multiple links. If several of the links are actually NSA agents, your security
>is reduced, but not compromised completely. If you've got a chain of, say
>10 links, even if 7 of them are evil NSA agents, you still can probably retain
>your anonymity. Return addresses are accomplished by encrypted  
>"resend-to:" blocks. It seems much preferable to have a system where it
>isn't neccesary to trust any one net entity completely, as it is in a 
>Julf-style anon-ID system. [Of course one could use a combination of both
>in communications too, but I wouldn't feel safe unless my anonimity was
>safe even if the Finish FBI raided Julf's site.]
> 

I have been worrying a lot about these anonymous return addresses. They seem
very vulnerable to attack.

Say I post a message through remailers to Cypherpunks giving one of these
reply blocks. The TLA need only send a flood of known size messages to this
address, and look to see where the pop out of the net of remailers. Even if
all messages were quantized and only reconstructed by the final recipient, the
TLA could send timed bursts of messages which (even with reordering) would 
allow a statistical determination of the recipient.

I think that the solution to this is some sort of hold and forward on demand
system. An anon ID would be posted to Cypherpunks, and that account ID with
a key, sent to the message holder. One would then request for a certain number
of messages or number of kilobytes of messages to be sent to the address
specified by the old sort of remailer block. This message would be signed by the
key, and could indicate remailing to anywhere, even to another hold and forward
location. This prevents the TLA from sending many messages to the final
destination in such a way that they could be used for traffic analysis.

Thoughts?

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLkmSPVVkk3dax7hlAQGElQP7B14ChmebN2iEBRidpDFm1qrzbDRSE/Eh
WGdcNwhn5wThxCKVaY6OjAgs61xMQPk7XGwO8MjJdZOAXCm9Mqos7wVEFaz5UqUV
7nnOcTHrCdCQcPULFt6mpjAug1KYtkFx+2NXa6PBzNTxkZ9Svh6Hk6mii/5p+dLH
tEW3uihAERo=
=tSI9
-----END PGP SIGNATURE-----

--------------------------------------------------
Lance Cottrell  who does not speak for CASS/UCSD
loki at nately.ucsd.edu
PGP 2.3 key available by finger or server.

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche

More information about the cypherpunks-legacy mailing list