From: an5877@anon.penet.fi (deadbeat)
Date: Tue, 23 Feb 93 08:19:50 PST
To: cypherpunks@toad.com
Subject: Re: Beware of anon.penet.fi message!
Message-ID: <9302231520.AA03498@anon.penet.fi>
MIME-Version: 1.0
Content-Type: text/plain


In-reply-to: Johan Helsingius' message of Tue, 23 Feb 1993 09:32:54 +0200.
	     <9302230851.aa19921@penet.penet.FI>
-----BEGIN PGP SIGNED MESSAGE-----

> >                                                    The problem became
> > apparent to me when I sent pseudonymous mail to a prominent person on
> > this list; his reply exposed his pseudonymous id at anon.penet.fi,
> > surely without his knowledge.
>
> I think this would be fixed by the "X-Anon-Anonymize: no" (or whatever)
> hack. But for reasons I have outlined in the earlier round of
> discussions, it can't be the default. Comments?

If it's not the default behavior, then it will be a recurring problem.

> There has been a lot of discussion about this, and I'm afraid it's too
> late to change the *default* behavior now...

Why?  It seems to me the X-Anon-Password header was a pretty major
change, yet you made that change to preserve people's pseudonymous
identities.  The instant challenge is just as grave, don't you think?

> P.S. In case I forgot to announce it, as you could see from the message
> I'm replying to, PGP stuff doesn't get stripped at anon.penet.fi
> anymore.....

Great stuff.  Thanks.

DEADBEAT

-----BEGIN PGP SIGNATURE-----
Version: 2.1

iQBFAgUBK4o8FfFZTpBW/B35AQFQgwF/QU9NQmgtFKfv+KMoghtSwTL/e8vh3G4b
vwlZy3yWF6D4+LVAnOEcuh0gvxJSNi51
=hD4O
-----END PGP SIGNATURE-----
-------------------------------------------------------------------------
To find out more about the anon service, send mail to help@anon.penet.fi.
Due to the double-blind system, any replies to this message will be anonymized,
and an anonymous id will be allocated automatically. You have been warned.
Please report any problems, inappropriate use etc. to admin@anon.penet.fi.
*IMPORTANT server security update*, mail to update@anon.penet.fi for details.