1998-10-11 - Re: Hidden WebTV signatures

Header Data

From: “Robert A. Costner” <pooh@efga.org>
To: cypherpunks@cyberpass.net
Message Hash: e1a0aeb1ea9303d1d4efad7077bf9f272b95f06b5bfe13734c88fe8ca3ee9b3d
Message ID: <3.0.3.32.19981011134922.03d645e4@rboc.net>
Reply To: N/A
UTC Datetime: 1998-10-11 18:12:14 UTC
Raw Date: Mon, 12 Oct 1998 02:12:14 +0800

Raw message

From: "Robert A. Costner" <pooh@efga.org>
Date: Mon, 12 Oct 1998 02:12:14 +0800
To: cypherpunks@cyberpass.net
Subject: Re: Hidden WebTV signatures
Message-ID: <3.0.3.32.19981011134922.03d645e4@rboc.net>
MIME-Version: 1.0
Content-Type: text/plain



At 03:29 AM 10/12/98, Peter Gutmann wrote:

I have experimented with an X-signature line for "remailing" messages.  I
was recently trying this with the dragoncon.net service.

Cracker is a traditional Cypherpunk remailer.  Properly used, messages from
Cracker are not traceable even to governments.  Cracker generates enough
complaints to be bothersome.  Redneck, the nymserver, on the other hand
produces almost no complaints.  I perceive the different on the user's side
as being accountability and the use of a persistent identity.  On the
recipients side, the issue is retribution.  There are people who receive
anonymous messages who simply want retribution.  Cracker does not allow
this retribution to the user (so they pick on me:).  Redneck does allow
retribution.  http://anon.efga.org

Cracker and Redneck are "special" in that under no circumstances are logs
kept, messages traced, or any attempt done to track users.  So I started a
variation of a nym service at another domain, http://www.dragoncon.net

Based on comments from recipients and users of anonymous messages, I kept
two requirements

 * No user based encryption required
 * Retribution against the user is available

There is/was a back door in that while all messages go out with an X-IP
header, this is "lost" if the user originally registered with a first name
of "Anonymous".  I will not claim this is as secure as Cracker or Redneck,
but the service does fit the needs of many people.

I wanted to keep my original requirements in mind and allow messages to be
sent  "From: Anonymous" such as a cypherpunk remailer does.  In an effort
retain my requirement of recipient retribution, I experimented with the
idea of adding an X-Signature header which verifies the messages and the
sender address, but only to the dragoncon.net  mailer software.  I
experimented with PGP and the smallest key length hoping to get signatures
down to two lines, but this was not possible.

The idea was that only a registered user could post a message using the
"Anonymous" user id.  But if there were complaints, then I could assist the
complainant in getting retribution.  In fact, it would even be possible to
send replies to "Anonymous" and the remailer would determine who to send
the message to.

I played with it for a day.  Maybe I'll pick it up again later.  Any
comments on the idea are appreciated.  I don't usually read all cypherpunk
messages, so cc'ing me if you start a new thread would be nice.





  -- Robert Costner                  Phone: (770) 512-8746
Get your free email at http://www.dragoncon.net





Thread