CDR: RE: Anonymous Remailers cpunk

[Tom Vogt]

Jim Choate wrote:
> And just exactly what algorithm is that you're using to determine
> crypt-v-plaintext?

that's a problem. if no such algorithm exists, I suggest that - for this
specific purpose - a few heuristics would do. suggestion (version 0.1):

- dictionary of 100 most common words from english plus a couple other
  languages. if more than 1% of the text fits, it's either plaintext or
  a really weird cipher.

- look for PGP-style "encrypted message starts here" tags

- look for "multipart/encrypted" headers


it's not perfect, but it should do if the mailer policy clearly explains
it.


> And let's not forget the key managment problem if remailers impliment such
> a policy. Without a secure key management scheme then the 'encrypted body'
> approach won't work because Mallet has the keys.

that's not the issue, is it? the purpose here is:

a) make the remailer spam-proof. the requirement to encrypt every mail
(i.e. encrypt 1000 times if you send to 1000 people) drives the costs
for spam up to where it no longer pays the bills.

b) make the remailer censor-proof. if I can show that I have no idea of
what's going through my server, you can't force me to filter out
specific content (same idea works on freenet)