From: Alan Barrett <barrett@daisy.ee.und.ac.za>
Date: Sat, 23 Oct 93 12:18:26 PDT
To: Matt Blaze <mab@crypto.com>
Subject: Re: Warning about exposing anon id
In-Reply-To: <9310231826.AA08908@crypto.com>
Message-ID: <Pine.3.03.9310232053.F3609-b100000@daisy.ee.und.ac.za>
MIME-Version: 1.0
Content-Type: text/plain


Matt Blaze says:
> I think the best solution is to require any message sent through a
> remailer to include explicit instructions as to how it should be
> handled. [...] Messages that don't include the field should bounce,
> probably with some instructions as to how to fix the message to make
> it go through properly.

For messages that are deliberately sent through remailers, I agree
that the sender should provide explicit instructions to direct the
operation of the remailer.  However, I would note that the mere act of
deliberately using a particular remailer can constitute an explicit
instruction for the remailer to perform its "standard" processing.

Messages that are inadvertantly sent through remailers by innocent folk
who simply reply to a (pseudonymous) message that they have received,
or simply write to an address that they have seen advertised, are
different.  I think that such messages should function as much like
ordinary (non-anonymous) mail as possible, consistent with the goal of
protecting the recipient's identity, to avoid surprising the innocent
sender.  Servers like the present implementation of anon.penet.fi do not
satisfy this requirement.

--apb (Alan Barrett)