CDR: Re: Anonymous Remailers cpunk

Bill Stewart bill.stewart at pobox.com
Tue Oct 3 18:33:22 PDT 2000


At 05:46 PM 10/3/00 -0400, Steve Furlong wrote:
>Jim Choate wrote:
>> 
>> On Tue, 3 Oct 2000, Trei, Peter wrote:
>> 
>> > I would like to suggest that a remailer could eliminate nearly all its
>> > problems by only sending out encrypted mails - that is, if after
>> > removing the encryption that was applied using its own private
>> > key, it finds that the result is plaintext, it simply drops the message.
>> 
>> And just exactly what algorithm is that you're using to determine
>> crypt-v-plaintext?
>
>Why not just read the first 20 bytes of the body? If 90% or more aren't
>printable ASCII assume the message is encrypted.

Doesn't work - many mail packages will encode non-printable characters
in ASCII, either with MIME or UUENCODE or hex or whatever,
and many encryption packages, like PGP, do that already.

If you require PGP Encryption, you can look for the 
	-----BEGIN PGP ENCRYPTED STUFF------
line.  That still gets you into trouble with MIME if you're not careful,
so either be careful or don't :-)

The only way you can really tell if something is encrypted
is for a human to look at it.  Otherwise people will figure out
that they can send messages saying 
	-----BEGIN PGP ENCRYPTED STUFF------
	HaHaWeFooledTheRemailer.  You suck!  
	-----END PGP ENCRYPTED STUFF-----
But still, you can keep out all but really determined abusers,
and all but incredibly determined spammers.
(Even basic encryption will keep out almost all spammers.)

(You could check that the whole message follows PGP syntax,
but without knowing at least one decryption key you can't tell
if it's valid or if they wrote the abuse on top of an otherwise
syntactically correct encrypted message.)

If you want to get fancier, you can also limit destinations to known remailers
or to people who've replied to a "You have anonymous mail - return this cookie
if you want to receive it. <blurbage about remailers>" request.
				Thanks! 
					Bill
Bill Stewart, bill.stewart at pobox.com
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639
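
The armor-syntax check discussed above, next to the 20-byte printable-ASCII test from the quoted reply, as an added Python example that is not part of the original post. It assumes the real RFC 4880 armor lines (`-----BEGIN PGP MESSAGE-----`) rather than the placeholder header used in the message; the function names and both sample inputs are constructed for illustration.

```python
import base64, binascii, re

# RFC 4880 armor: header line, optional "Key: value" lines, blank line, base64, "=" + CRC-24, footer.
ARMOR = re.compile(
    r"\A-----BEGIN PGP MESSAGE-----\r?\n(?:[A-Za-z]+: [^\r\n]*\r?\n)*\r?\n"
    r"((?:[A-Za-z0-9+/=]+\r?\n)+?)=([A-Za-z0-9+/]{4})\r?\n"
    r"-----END PGP MESSAGE-----\s*\Z")

def crc24(data: bytes) -> int:
    """CRC-24 used by OpenPGP armor (init 0xB704CE, poly 0x1864CFB)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc = (crc << 1) ^ (0x1864CFB if crc & 0x800000 else 0)
    return crc & 0xFFFFFF

def byte_heuristic_says_encrypted(body: bytes) -> bool:
    """The quoted proposal: first 20 bytes, encrypted if >= 90% non-printable."""
    head = body[:20]
    nonprintable = sum(not (32 <= b < 127 or b in (9, 10, 13)) for b in head)
    return bool(head) and nonprintable >= 0.9 * len(head)

def armor_check(text: str) -> str:
    """Syntax-only check; it cannot prove the payload is really ciphertext."""
    m = ARMOR.match(text.strip() + "\n")
    if not m:
        return "reject: not a PGP armored message"
    try:
        raw = base64.b64decode("".join(m.group(1).split()), validate=True)
        crc = int.from_bytes(base64.b64decode(m.group(2), validate=True), "big")
    except binascii.Error:
        return "reject: body is not valid base64"
    if not raw or crc24(raw) != crc:
        return "reject: CRC-24 mismatch"
    # Packet tag: new format keeps it in bits 5-0, old format in bits 5-2.
    tag = raw[0] & 0x3F if raw[0] & 0x40 else (raw[0] & 0x3C) >> 2
    if not raw[0] & 0x80 or tag not in (1, 3):  # 1 = PKESK, 3 = SKESK
        return "reject: first packet is not a session-key packet"
    return "accept: armor syntax only"

def armor(raw: bytes) -> str:  # builds sample armor for the demo inputs
    b64 = base64.b64encode(raw).decode()
    crc = base64.b64encode(crc24(raw).to_bytes(3, "big")).decode()
    return f"-----BEGIN PGP MESSAGE-----\n\n{b64}\n={crc}\n-----END PGP MESSAGE-----\n"

# Constructed samples (not real PGP data): packet header plus filler; plain text in armor lines.
GOOD = armor(bytes([0xC1, 0x10]) + bytes(range(16)))
FAKE = "-----BEGIN PGP MESSAGE-----\n\nThis is plain text, not PGP.\n-----END PGP MESSAGE-----\n"
```

The byte heuristic classifies `GOOD` as plaintext because armor is all printable ASCII, while `armor_check` rejects `FAKE`. An `accept` result means only that the armor, checksum and first packet tag are well-formed; without a decryption key the payload itself stays unverified.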





