From: Matthew J Ghio <mg5n+@andrew.cmu.edu>
Date: Fri, 15 Apr 94 00:13:51 PDT
To: cypherpunks@toad.com
Subject: Re: Remailer Reply Blocks
In-Reply-To: <199404150227.DAA28644@an-teallach.com>
Message-ID: <UhfXsJ600awQQFJlkb@andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: text/plain


Graham Toal <gtoal@an-teallach.com> writes:

> One thing more has to be done to foil traffic analysis - the encrypted
> email address has to be padded out a lot so that they can't guess who
> it was by knowing the lengths of the email addresses of a small set
> of possible posters.  Assuming we're already stripping out the personal
> names etc in email addreses and just keeping the canonical bits (for
> example "Graham Toal" <gtoal@gtoal.com>  ->   gtoal@gtoal.com
> then I'd suggest padding with spaces to something like 64 chars,
> then going up +64 each time for those X400 idiots who might want
> to post through us :-)  That way you won't be able to tell a 128-byte
> long name from 2 hops of a 64-byte short name.

My remailer doesn't quite do the padding the way you describe, it adds a
random amount of padding, so that the addresses will vary somewhat in
legnth.  It's not a perfect solution, but I thought it was best to keep
the return address as short as possible since it has to fit in the To:
header.  However, with an encrypted block, perhaps more padding would be
acceptable.
As for the reply block, my remailer strips out everything except the
actual address, but appearantly Eric's doesn't.  I can't say which is
best, it has been suggested that we might want to put the reply info in
the to header in parentheses.

Someone asked me in email if there was a way to chain emails from my
remailer through soda, so that no single person knows your identity. 
You can send to remailer@soda.berkeley.edu anonymously via:
mg5n+an4gyeonc4pgah6dnlyhlicoq46154jmssttbk6245zais@andrew.cmu.edu
This way, I know your real address, but I can't match it to an anonymous
reply block on soda; Eric Hollander knows only your anon address on my
remailer.

I must say I really appreciate all the work being done on the remailers;
it looks like the remailers will finally get some much needed
improvements.  Keep up the good work!  Now if we could just get more
people to run remailers...we have only about 10 now; we had over 2 dozen
at one time.  Let's set up some more.