1993-03-02 - Re: A novel (?) return address idea

Header Data

From: jthomas@mango.mitre.org (Joe Thomas)
To: gnu@toad.com (John Gilmore)
Message Hash: 21e690520ef813dae56d932a088bf92d945109aae0a71ea654a6137f415e403b
Message ID: <9303021956.AA11428@mango>
Reply To: N/A
UTC Datetime: 1993-03-02 19:59:50 UTC
Raw Date: Tue, 2 Mar 93 11:59:50 PST

Raw message

From: jthomas@mango.mitre.org (Joe Thomas)
Date: Tue, 2 Mar 93 11:59:50 PST
To: gnu@toad.com (John Gilmore)
Subject: Re: A novel (?) return address idea
Message-ID: <9303021956.AA11428@mango>
MIME-Version: 1.0
Content-Type: text/plain

From: gnu@toad.com (John Gilmore):

>There seems to me to be a serious problem with the "novel return
>address" idea.  The information that ties together multiple
>anonymous messages from the same person is out in the world,
>encrypted by a single key in a conventional cipher.

[attack methods deleted]

>The idea also suffers from the dossier problem -- all the
>information about return addresses will exist in a single place (at
>the remailer site) where it's tempting for a government (or other
>adversary of privacy) to try for it.

>Keep thinking, folks!  We aren't there yet...

Quite true.  I guess I never really made it clear that I don't  
believe this return address method is very secure, just better than  
the current version available through anon.penet.fi.  Certainly it's  
no reason to abandon the work on SASE's for cypherpunk remailers.

My idea was just to make it difficult to associate different messages  
from the same anon user, while keeping anon.penet.fi's current  
framework.  Now all messages from the same user bear the same return  
address (e.g. an1234).  If you reveal your identity in one anonymized  
message, all of your past messages can be easily linked with you.   
Under the new scheme, associating two messages from the same sender  
would require breaking the remailer's cipher.  Yes, it's possible,  
but it's not trivial.

It's also possible to limit the damage done when a single key is  
compromised.  Change keys periodically (weekly? daily?) and include a  
few bits at the front of the return address that will let the  
remailer know which key to decrypt the rest with. 

The dossier problem is a real one, of course.  If Julf or his machine  
is compromised, all the aliases could be revealed.  But that's true  
now, as well.