1994-07-19 - Re: the Cypherpunk and the Shadow

Header Data

From: sidney@taurus.apple.com (Sidney Markowitz)
To: cypherpunks@toad.com
Message Hash: 1e57e0656118a6dafabde6ea39c9330d0d80fcf1f27a2fadcfc74660c39bd173
Message ID: <9407192131.AA05790@federal-excess.apple.com>
Reply To: N/A
UTC Datetime: 1994-07-19 21:31:12 UTC
Raw Date: Tue, 19 Jul 94 14:31:12 PDT

Raw message

From: sidney@taurus.apple.com (Sidney Markowitz)
Date: Tue, 19 Jul 94 14:31:12 PDT
To: cypherpunks@toad.com
Subject: Re: the Cypherpunk and the Shadow
Message-ID: <9407192131.AA05790@federal-excess.apple.com>
MIME-Version: 1.0
Content-Type: text/plain

Please point me to appropriate references if I am going over old territory.

What if an anonymous remailer required that messages were digitally signed?
To use such a remailer, you would have to register an e-mail address and
public key with the remailer. Mail that you send through the remailer would
only go through if it were properly signed with your key. The return
address on the remailed message would be something that the remailer could
use to get replies back to you. Chained remailing would still be possible
if each remailer signed the messages that it sent out, verifying that it
had been received from an address that is registered with it (which may be
a user or another such remailer).

This would provide a way of dealing with someone mail-bombing a remailer or
through a remailer, because the messages from one person could be
identified and filtered out either by the remailer or later on, as
appropriate. If someone tried to generate a million different identities
and public keys, that could be dealt with by imposing a time delay for
registration, which would not have to be imposed under normal

The current cypherpunk remailers maintain strict anonymity by not keeping
records the way the Finnish anonymous remailer does. But if you want to be
able to get a reply, you still have to place an encrypted reply block in
your message, which the remailer can decrypt, so you still lose anonymity
in the case that someone compromises the remailer. That is no better than
registering an e-mail address (which can be your anonXXXX address anyway)
that the mailer stores encrypted along with your public key.

For that matter, this would work if everyone had to register a public key
with the remailer in order to send mail through it, but only people who
wanted to be able to receive replies also registered their e-mail address.
Then the only thing that would be required to prevent a mail-bomb attack
would be to enforce a registration delay during such time as it became

Having all messages identified, even though still anonymous, would make
building of reputations possible.

 -- sidney markowitz <sidney@apple.com>