From: b44729@achilles.ctd.anl.gov (Samuel Pigg)
Date: Fri, 27 Aug 93 21:48:30 PDT
To: cypherpunks@toad.com
Subject: Attacks on remailers (LONG)
In-Reply-To: <199308280353.AA02675@gaea.synopsys.com>
Message-ID: <9308280446.AA01688@achilles.ctd.anl.gov>
MIME-Version: 1.0
Content-Type: text/plain



>>>>> On Fri, 27 Aug 93 20:53:51 -0700, eric@Synopsys.COM said:

>>>>> On Fri, 27 Aug 93 05:52:43 CDT, b44729@achilles.ctd.anl.gov (Samuel Pigg) said:

Samuel> Correct me if I'm wrong, but as I see it, there are two goals
Samuel> for the remailers:

Samuel> (1) 	Anonymous addresses to which mail can be sent, but the recipient
Samuel> 	is unknown and cannot be determined (receiving anonymous mail).

Samuel> (2)	The ability to send mail to someone without anyone
Samuel> (including 	the recipient) determing that you did so
Samuel> (sending anonymous mail).

Samuel> Number 2 can be mostly taken care of with nested encryption of
Samuel> mail headers.

	[...]

Samuel> To construct an anonymous address block might be something like:

Samuel> 	Anonymous Anne wants an anonymous address.
Samuel> 	First she generates a set of N keys (IDEA, DES or .......

	eric> That's basically the way SASE works.  It's important
	eric> that some of the keys be public key pairs, however; as
	eric> you need to be able to publish one half of a key, and
	eric> seal the other half for an unpublished remailer to
	eric> decrypt with.

I don't see why some of the keys need to be public key pairs.
The intermediate encryptions done by the remailers are only to be
undone by the anonymous recipient correct?

So why would one part of the keys need to be published?
(the anonymous address block would have these keys sealed in the various
nested encryption levels, as you said.)

	eric> One thing is certain, these protocols are not simple.
	eric> We definitely need people thinking about them...

..and discussing them! (as we are doing now.)

-Sam