1993-03-26 - Distributed anonymous posting (was Re: Many Important Items…)

Header Data

From: Eric Hughes <hughes@soda.berkeley.edu>
To: cypherpunks@toad.com
Message Hash: e40a2f9da83e877ca502173700803eccbb32d44969382cfb4773335a70366a9e
Message ID: <9303260725.AA23290@soda.berkeley.edu>
Reply To: <Pine.3.05.9303251227.A7954-d100000@access.digex.com>
UTC Datetime: 1993-03-26 07:30:20 UTC
Raw Date: Thu, 25 Mar 93 23:30:20 PST

Raw message

From: Eric Hughes <hughes@soda.berkeley.edu>
Date: Thu, 25 Mar 93 23:30:20 PST
To: cypherpunks@toad.com
Subject: Distributed anonymous posting (was Re: Many Important Items...)
In-Reply-To: <Pine.3.05.9303251227.A7954-d100000@access.digex.com>
Message-ID: <9303260725.AA23290@soda.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain

>Anonymous posting has been around as long as
>Usenet, in the form of forged messages.  

This is an excellent point of rhetoric.  Perhaps we should teach mail
and news forgery as a technique to the defense of privacy?   1/2 :-)

>I have been working through a few ideas for the design of a
>_distributed_ anonymous posting service, 

>[...] secret sharing might be used for remailer private keys.

I have convinced myself that some form of secret sharing will be
necessary for a distributed system that is robust against single point
failure.  You don't want single point manipulability, either, if you
can get it.

There are two basic ways to proceed: hard nodes, difficult to take
down, or soft nodes, easy to reconfigure around.  Both approaches
should be looked at.

Hard nodes are more difficult politically; soft nodes are more
difficult technically.

A soft node necessity: a directory lookup service, distributed,
sharing data.  Merely specifying the first point of contact and
alternate paths doesn't cut it.  You don't want to have to retry a
bounced message so many times.

Who here knows enough about sendmail to consider the eventual
feasibility of integrating pseudonym lookup into mail transfer?