From: rarachel@prism.poly.edu (Arsen Ray Arachelian)
Date: Mon, 24 Jan 94 21:26:44 PST
To: cypherpunks@toad.com
Subject: Re: REMAIL: Cover traffic
Message-ID: <9401250506.AA23326@prism.poly.edu>
MIME-Version: 1.0
Content-Type: text


Why can't the remailers themselves send encrypted mail to each other totally
masking the incoming messages?

Each remailer can have a public/private key associated with every other
remailer on the network, with full pgp type signatures to prove they
came from a remailer and not a spook or nym?

Each remailer has a fingerable public key.  When remailer x sends a message
to remailer y, it encrypts it with y's public key after fingering y, and
also signs the message.

Y could also be a paranoid remailer, and if it doesn't know X, it could tell
it to go stick its message up its SCSI port. :-)

All these ideas along with trash junk mail being sent every few minutes
could work.  Even better, have each remailer send a specific number of
messages to each of the other remailers on the network.  These messages
would be bogus messages, however, there would be a fixed number of them.

If a real nym message arrives, it is sent to the next mailer up the chain,
as part of the n (n-1 now) that are bogus.  That way a spook couldn't tell
where a message was going since he couldn't count the number of messages
going out of the mailer.  

Also if a target remailer has n real messages to be sent to, any messages
over that assigned packet size of messages get spooled for the next round
of bogus mail.  This way each remailer will send exactly n messages to
every other remailer on the net every specified period of time.

What kind of analysis can be done with this sort of scheme?