From: jthomas@mango.mitre.org (Joe Thomas)
Date: Wed, 3 Mar 93 07:48:15 PST
To: tribble@xanadu.com (E. Dean Tribble)
Subject: Re: Future of anonymity (short-term vs. long-term)
Message-ID: <9303031544.AA25573@mango>
MIME-Version: 1.0
Content-Type: text/plain



>	 IMHO a remailer operator should *NEVER* reveal any  
identities, but I
>	 also believe very strongly that especially if you provide a  
way to post
>	 news articles, there has to be a way to send replies to the  
original
>	 sender. Thus a remailer must maintain mapping info.

>I like this.  Does it make sense (and has it already been talked
>about?) to preserve the return information only for a limited time?

It could make sense.  It would make _practical_ sense in a scheme  
like the one I proposed (then amended thanks to John Gilmore's  
comments) in which the remailer encrypts the return addresses with a  
key that is regularly changed.  Just forget the old keys after a  
certain amount of time.   


(BTW, forget I ever said anything about using timestamps as salt.   
The amount of known-plaintext per message is huge if you do that.   
Any PRNG would be better.  I must have left my brain at home  
yesterday...)

Joe