From: “Jon ‘Iain’ Boone” <boone@psc.edu>
To: cypherpunks@toad.com
Message Hash: 6e52049f4820902ed664bbe81016c3aa378d6a847494aea12a28f31fcb9445e7
Message ID: <9402171612.AA00342@igi.psc.edu>
Reply To: <9402150715.AA02994@toxicwaste.media.mit.edu>
UTC Datetime: 1994-02-17 16:15:23 UTC
Raw Date: Thu, 17 Feb 94 08:15:23 PST
From: "Jon 'Iain' Boone" <boone@psc.edu>
Date: Thu, 17 Feb 94 08:15:23 PST
To: cypherpunks@toad.com
Subject: Re: Models of Anonymity (was Re: Detweiler abuse again)
In-Reply-To: <9402150715.AA02994@toxicwaste.media.mit.edu>
Message-ID: <9402171612.AA00342@igi.psc.edu>
MIME-Version: 1.0
Content-Type: text/plain
Derek Atkins <warlord@MIT.EDU> writes:
>
> I'm not sure that I really meant to have a receipt, more or a
> return-path. Maybe even a cryptographiccally secure return path. I
> think a question is: who are we protecting against? Are we protecting
> against the remailer operators? Or are we trying to protect from a
> third party?
I think that we are trying to protect against 3rd parties. With the
X-A-R-P:/X-A-S-P: scheme I posted, each remailer *could* log who it
came from and who it was going to -- it's optional. But, (with the
appropriate delays and padding to prevent traffic analysis), a third
party would not be able to figure that out.
> To me, this is like NEARNet saying that they have no obligation to
> accept packets from a known disruptive user. No, I don't believe that
> that is the answer. Then again, I don't think that a remailer should
> run out of an account, but rather on a machine, but that's a different
> story. I consider a remailer a service, and as such, the service
> should be available to all comers. (With digital postage this
> paradigm makes much more sense). I do not think of it like a home.
I would argue that you are correct. Anonymous remailing is a new service.
It should have new servers that run on a well-known port (so that any user
can start one up) and hacks could be put into most of the current mail
agents to support using an anoymous remailer. We don't even have to follow
RFC 822 in the format of our messages, though I think we should.
> I also agree that positive reputation is important, but I think that
> is much more difficult to implement than a more secure anonymous
> system.
Yes. The easiest way to build a reputation is to assign some unique
public/private key pair to each anonymous user and require all remailed
messages to be signed. Then, you as a user can choose to ignore or
read messages from that id. Additionally, it does allow for the
server daemon to reject postings from "abusive" ids or simply not forward
the posting, but rather a notice stating the ID and subject line of the
message, making it available in a public place like anonymous ftp or
gopherspace for those who *do* want to read it.
The really nice thing about this is that it won't prevent people from
having their anonymity, but it will cut down on the actual damage that
abusers can do.
> To reiterate: I do think that something needs to be done, but I think
> we should analyze what we are trying to accomplish rather than rushing
> off and saying "just don't service this abusive customer".
I agree. I think anonymous remailing should be as close to universal as
possible. If there *is* a way to service everyone, I think we should do
it. Resorting to non-service of "abusers" should be the last resort.
Jon Boone | PSC Networking | boone@psc.edu | (412) 268-6959 | PGP Key # B75699
PGP Public Key fingerprint = 23 59 EC 91 47 A6 E3 92 9E A8 96 6A D9 27 C9 6C
Return to February 1994
Return to “wisej <wisej@acf4.NYU.EDU>”