More on remailers.

[Len Sassaman]

There have been quite a few responses to the email I posted the other day
regarding pay-per-use remailers. I'm going to try to follow up on all of
them in this one message.

First of all, the fact that I brought up the topic of pay-per-use
remailers shouldn't be interpreted to mean that I think that is what
needs to be done next in improving the remailer network. As I told those
of you at the last cypherpunks meeting, there are more immediate concerns
and necessary improvements to be made. Ryan Lackey, Steve Schear and Mr.
Melon covered some of the big ones in one of their recent posts. However,
I don't think it is a bad thing to be discussing digital cash remailers,
since I am convinced that they are an eventual necessity.

Anonymous and Meyer Wolfsheim pointed out that the tracking idea doesn't
depend on digital cash, and that one could use a nonce for that purpose.
Yes, this is certainly true -- I was interested in hearing thoughts on the
feasibility of hearing them together. (It seems to me that combining the
two will give additional benefits, such as the ability for the user to
re-use tokens from the latter part of a chain if the message dies in the
former part of a chain, etc., etc.)

While I new that the pay-per-use remailer model I was describing had been
demonstrated many times before, I hadn't been aware that John Gilmore had
proposed a similar system reliability tracking system. I'd appreciate
pointers to that so I can read it.

Anonymous claimed that I contradicted myself in my description of the
remailer tokens. Let me clarify: rather than being an openly traded
currency, like dollars, the only people who need to be able to turn
remailer tokens back into "real cash" are remailer operators. Expect a
money-changing fee as well. (BTW, I prefer the term "remailer stamps" than
"remailer tokens." I think users will understand this better.)

There could certainly be multiple mints, as Tim points out, and remailers
could be their own mint. I suspect some remailers would go this route to
eliminate the money-changing fees, but I was simplifying for my
description.

Meyer and Ryan bring up the point that buying tokens/stamps from a
"remailer stamp vendor" would identify one as a remailer user. I pointed
out in my original message the necessity of a "crowd" of remailer users,
but I'm surprised to see this as a real objection. Mix-nets are designed
to work against an opponent who can see all network traffic, and in that
scenario, everyone who is a remailer user is already identified. Don't
forget this.

Publishing failure notifications with sender-provided keys, as Steve
Schear suggests, seems likely to have large implementation and usage
hurdles. (A separate user's public key for each remailer in the chain
would have to be sent along with each message, and managing this would
become quite difficult for the user.)

Ryan discusses some of the things needed to run a remailer. One of the
things on his list is "a fuck the law attitude". Frankly, it doesn't
matter what your attitude is, how much hardware you have, etc, if your ISP
will shut you down under pressure because of complaints. Even if DSL is
technically sufficient to run a remailer, being a DSL customer is not. Not
everyone hosts their remailer server in a data center known to fire
warning shots at approaching military vessels. Greg Broiles is nobody as
far as Speakeasy is concerned, and shutting him off was a simple solution
to the abuse complaints they were receiving. Had he been a leased line or
collo customer, the situation would probably have been different.

Additionally, Ryan has a list of "what remops want." I suspect that varies
greatly by remop. He completely missed my personal motives for operating
mine.

Ryan is taking the stance that we need "better, not more" remailers. I
tend to agree, but I can't see many companies spending a lot on their
remailers if there isn't a source of revenue.

On the mixmaster-devel and remops lists, we've been discussing the needed
improvements to Mixmaster and remailers in general a lot recently. I won't
go over them here. If you're interested, join the discussion on the
mixmaster-devel list. One thing that hasn't been mentioned a lot, but that
Ryan touched upon just now, is better two-way communication. We need a
good nym system, and reply-blocks don't cut it.

In conclusion, I leave you with a question: if remailer users are reduced
to a small number of high-paying remailer customers for whom anonymity is
not a game, but a matter of life or death, could a mix-net be made to
provide any sufficient degree of security? "No" is the easy answer. Say
yes, and prove it.


--Len.