1993-03-03 - Re: Future of anonymity (short-term vs. long-term)

Header Data

From: jthomas@mango.mitre.org (Joe Thomas)
To: tribble@xanadu.com (E. Dean Tribble)
Message Hash: 5428c56dc54072fe6fddaaefd1a12a8ae3b6995e2d61e6c0a9321fff769707a2
Message ID: <9303031544.AA25573@mango>
Reply To: N/A
UTC Datetime: 1993-03-03 15:48:15 UTC
Raw Date: Wed, 3 Mar 93 07:48:15 PST

Raw message

From: jthomas@mango.mitre.org (Joe Thomas)
Date: Wed, 3 Mar 93 07:48:15 PST
To: tribble@xanadu.com (E. Dean Tribble)
Subject: Re: Future of anonymity (short-term vs. long-term)
Message-ID: <9303031544.AA25573@mango>
MIME-Version: 1.0
Content-Type: text/plain

>	 IMHO a remailer operator should *NEVER* reveal any  
identities, but I
>	 also believe very strongly that especially if you provide a  
way to post
>	 news articles, there has to be a way to send replies to the  
>	 sender. Thus a remailer must maintain mapping info.

>I like this.  Does it make sense (and has it already been talked
>about?) to preserve the return information only for a limited time?

It could make sense.  It would make _practical_ sense in a scheme  
like the one I proposed (then amended thanks to John Gilmore's  
comments) in which the remailer encrypts the return addresses with a  
key that is regularly changed.  Just forget the old keys after a  
certain amount of time.   

(BTW, forget I ever said anything about using timestamps as salt.   
The amount of known-plaintext per message is huge if you do that.   
Any PRNG would be better.  I must have left my brain at home