From: KINNEY WILLIAM H <kinney@spot.Colorado.EDU>
To: 74076.1041@compuserve.com
Message Hash: d4ee9e929c49a3899ece593d8b113d174579720d7d438db04842500d825cdbde
Message ID: <199304161412.AA09006@spot.Colorado.EDU>
Reply To: N/A
UTC Datetime: 1993-04-16 14:13:24 UTC
Raw Date: Fri, 16 Apr 93 07:13:24 PDT
From: KINNEY WILLIAM H <kinney@spot.Colorado.EDU>
Date: Fri, 16 Apr 93 07:13:24 PDT
To: 74076.1041@compuserve.com
Subject: Proposal for anon chaining
Message-ID: <199304161412.AA09006@spot.Colorado.EDU>
MIME-Version: 1.0
Content-Type: text/plain
Recent traffic on anonymous remailers/servers:
>From: Eli <ebrandt@jarthur.claremont.edu>
>> From: Hal <74076.1041@CompuServe.COM>
>> This method of posting does not allow you to receive replies. I have set
>> "nicknames" for these two accounts as "Untraceable account" which will appear
> >in the "From" line on the postings. Hopefully that will offer a clue that
> >the normal reply mechanism doesn't work. Maybe the nickname should say so
>> more explicitly?
>
>
>The security provided by this technique could be provided without
>the IMHO serious disadvantage of having no return address. Eric's
>hybrid approach, where a pseudonym server hands mail to an remailer
>chain, is secure (barring sophisticated traffic analysis) if you
>trust the last remailer in the chain. Julf, have you thought about
>whether you want to do something like this?
> Hal
Here's an idea I haven't seen suggested before, which would remove the need
for a pseudonym server:
The way things stand now, chaining Cypherpunk remailers works by nesting PGP
encryptions of the form
<remail header>
***********
message text
***********
If you want to chain remailers, you encrypt the above, make IT the new
message text, and then add another header, and so on until you get bored.
My proposal is for a modification of this protocol to allow for
pseudonymous return mail addresses, like this:
The trick would be to separate the message text from the remailer routing
information, in a message of the form
***********
ROUTING INFORMATION
***********
***********
MESSAGE TEXT
***********
where both blocks are encrypted with PGP. The message text would be
encrypted with the PGP public key of the intended final recipient of the
message, and would not be modified by the intermediate anon remailers.
The routing information would be for the benefit of the remailers only.
It would be created by the RECIPIENT and made publicly available as a
pseudonymous mail address. It would work like this:
Suppose user foo@bar.com wishes to establish a pseudonymous identity, and
wants to route it through anon remailers "anon1" and "anon2". What he does
is take a message of the form
::
Request-Remailing-To: foo@bar.com
and encrypts it with server anon1's PGP public key, to create
<ANON1 ENCRYPTED ADDRESS>. Then he adds another header to make
::
Request-Remailing-To: anon1
<ANON1 ENCRYPTED ADDRESS>
and encrypts THIS with anon2's public key to make <ANON2 ENCRYPTED ADDRESS>,
and adds a header to make
::
Request-Remailing-To: anon2
<ANON2 ENCRYPTED ADDRESS>
Obviously, this procedure can be nested to arbitrary depth, chaining
through as many anon servers as you like. The trick is that this address
block can be made PUBLIC, since the only way to unwind the routing is
to have access to the secret keys of all the intermediate anon servers,
and the identity of the recipient is protected. foo@bar.com then
anonymously posts a PGP public key and a routing block to some public forum,
and people can communicate with him without having any idea as to his
actual identity. When I want to send a message to him, I encrypt the
message with his provided public key, and then add the encrypted routing
header, which he has also provided. I give him my own pseudonymous
mail routing header to allow him to reply.
This seems to me to be a very robust pseudonymous mail system which
could be implemented by relatively minor changes to the existing Cypherpunk
remailer structure. It has the additional advantage of being decentralized
and maintenance-free. It could be used for pseudonyms on net news, e-mail,
wherever, and could presumably be integrated in some way into Julf's
anon server.
Comments?
-- Will
Return to April 1993
Return to “KINNEY WILLIAM H <kinney@spot.Colorado.EDU>”