1993-11-05 - ANON: random remailing

Header Data

From: Karl Lui Barrus <klbarrus@owlnet.rice.edu>
To: cypherpunks@toad.com
Message Hash: c76d0953e2f9695a513d68057c35880a0345a578b1f1b7786e1d196702acc525
Message ID: <9311052351.AA14311@elf.owlnet.rice.edu>
Reply To: N/A
UTC Datetime: 1993-11-05 23:52:35 UTC
Raw Date: Fri, 5 Nov 93 15:52:35 PST

Raw message

From: Karl Lui Barrus <klbarrus@owlnet.rice.edu>
Date: Fri, 5 Nov 93 15:52:35 PST
To: cypherpunks@toad.com
Subject: ANON: random remailing
Message-ID: <9311052351.AA14311@elf.owlnet.rice.edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>Exacltly how do you fake mail with telnet or use a newsgroup for
>one-way anonymous email?  Care to elaborate?

Whoops, I think I was vague in my earlier response.

In mail, either you know whoever your mailing to or you don't.  If A
wants to mail B and doesn't need a response:

If A doesn't know B, A could use telnet to fake mail to B.  This
leaves more of a trail than an anonymous remailer, narrows down where
the message could have come from, but obscures who actually sent it
(I'm sure some logging facilities invalidate this).

If A knows B, they could agree to use a newsgroup as an anonymous pool
(sort of).  A posts a message, B reads it.

- From time to time, random remailing is suggested.  I think I'll go
re-read Chaum's paper and think about it more, but I'm nearly positive
that this makes it easier to pair up sender and destination.

Suppose remailers used random routing.  Assuming one remailer can be
trusted (the first hop) so linking A and mail sent to the trusted
remailer is not possible, A could send to B via the trusted remailer.
B's address will be made available to every remailer.  Now when B
replies, A's address is made available.  Caching and padding messages
may help, but all an eavesdropper has to do is monitor mail from B, a
known address, and when mail hits any remailer, A's address is known.

So is it reasonable to assume an eavesdropper can monitor a remailer
(all remailers except the trusted remailer), they can also monitor an
arbitrary address (B's)?

Hm...


-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLNrmyoOA7OpLWtYzAQHZxgP9HtoFrHh+grNuP3rG3jI+uXYRi36FzQ7f
/BftSwec4ZGtJ/L14EB1fwP6j31m365VflUMzckJk0kViLcS3pMT85dCEK5pIduu
kzzdhBGS/MRYaj2uHlSMdz2dtyzwtjYc7hLyAriPLCKcwLrCcc440G81Z0BSWOhj
5ECgPYSNsIM=
=VKgV
-----END PGP SIGNATURE-----





Thread