From: jthomas@mango.mitre.org (Joe Thomas)
Date: Tue, 2 Mar 93 11:59:50 PST
To: gnu@toad.com (John Gilmore)
Subject: Re: A novel (?) return address idea
Message-ID: <9303021956.AA11428@mango>
MIME-Version: 1.0
Content-Type: text/plain


From: gnu@toad.com (John Gilmore):

>There seems to me to be a serious problem with the "novel return
>address" idea.  The information that ties together multiple
>anonymous messages from the same person is out in the world,
>encrypted by a single key in a conventional cipher.

[attack methods deleted]

>The idea also suffers from the dossier problem -- all the
>information about return addresses will exist in a single place (at
>the remailer site) where it's tempting for a government (or other
>adversary of privacy) to try for it.

>Keep thinking, folks!  We aren't there yet...

Quite true.  I guess I never really made it clear that I don't  
believe this return address method is very secure, just better than  
the current version available through anon.penet.fi.  Certainly it's  
no reason to abandon the work on SASE's for cypherpunk remailers.

My idea was just to make it difficult to associate different messages  
from the same anon user, while keeping anon.penet.fi's current  
framework.  Now all messages from the same user bear the same return  
address (e.g. an1234).  If you reveal your identity in one anonymized  
message, all of your past messages can be easily linked with you.   
Under the new scheme, associating two messages from the same sender  
would require breaking the remailer's cipher.  Yes, it's possible,  
but it's not trivial.

It's also possible to limit the damage done when a single key is  
compromised.  Change keys periodically (weekly? daily?) and include a  
few bits at the front of the return address that will let the  
remailer know which key to decrypt the rest with. 


The dossier problem is a real one, of course.  If Julf or his machine  
is compromised, all the aliases could be revealed.  But that's true  
now, as well.

Joe