From: nowhere@bsu-cs.bsu.edu (Anonymous)
To: cypherpunks@toad.com
Message Hash: 43d3596522ca105feda10e191b0e8da8d8ee3938fd5d97f0eb51ccc046b401fc
Message ID: <9302231831.AA12396@bsu-cs.bsu.edu>
Reply To: N/A
UTC Datetime: 1993-02-23 18:34:52 UTC
Raw Date: Tue, 23 Feb 93 10:34:52 PST
From: nowhere@bsu-cs.bsu.edu (Anonymous)
Date: Tue, 23 Feb 93 10:34:52 PST
To: cypherpunks@toad.com
Subject: No Subject
Message-ID: <9302231831.AA12396@bsu-cs.bsu.edu>
MIME-Version: 1.0
Content-Type: text/plain
In-reply-to: Johan Helsingius' message of Tue, 23 Feb 1993 10:14:27 +0200.
<9302230933.aa20090@penet.penet.FI>
-----BEGIN PGP SIGNED MESSAGE-----
> Well, then, how *should* anon.penet.fi operate? I really am open to
> suggestions...
I'll restrict my comments to anonymous email, but the application to
anonymous USENET posting is analogous.
I'll ignore messages of the sort
From: Alice
To: anon@anon.penet.fi
X-Anon-To: Bob
X-Anon-Password: zzz
since it's clear that Alice's identity should be concealed in this
case. The problem we're dealing with is the message of the sort
From: Alice
To: Bob <anxxxx@anon.penet.fi>
Should the remailer expose Alice's identity in the message that it
forwards to Bob? If it does so blindly, Alice's anonymous identity is
subject to accidental exposure. If it does not conceal Alice's
identity, then certain expectations of anonymity might not be realized
(according to Johan).
Here's a way out that will satisfy me and Johan: assign Alice a new
pseudonym here and now, one that will be good for replies only. If
Alice has registered with the remailer in the past, i.e., if she has a
password, then she knows how to X-Anon-To:, but has opted not to. If
she has not registered, then it is also appropriate to assign her a new
ID. However, should she later register, I suggest she be given a new,
permanent, password-protected ID, just in case her earlier reply
inadvertently exposed her real ID (in the way we have been discussing).
In essence, I'm suggesting that the Finnish remailer have two classes
of anonymous IDs, one that is password protected, and one that is not.
The former should never be used without the X-Anon-Password header.
DEADBEAT
P.S.: Another suggestion I would make is that the remailer _not_ strip
In-Reply-To: headers.
-----BEGIN PGP SIGNATURE-----
Version: 2.1
iQBFAgUBK4pRavFZTpBW/B35AQGC2AF/Q+LZt6T+SupvLftQom7xlon7+8LOGLpX
bSy1lT0XEyzPQ1nwCDGOr0+MF9KdwPEO
=AoKd
-----END PGP SIGNATURE-----
-------------------------------------------------------------------------
To find out more about the anon service, send mail to help@anon.penet.fi.
Due to the double-blind system, any replies to this message will be anonymized,
and an anonymous id will be allocated automatically. You have been warned.
Please report any problems, inappropriate use etc. to admin@anon.penet.fi.
*IMPORTANT server security update*, mail to update@anon.penet.fi for details.
Return to February 1993
Return to “nowhere@bsu-cs.bsu.edu (Anonymous)”
1993-02-23 (Tue, 23 Feb 93 10:34:52 PST) - No Subject - nowhere@bsu-cs.bsu.edu (Anonymous)