From: Jonathan Rochkind <jrochkin@cs.oberlin.edu>
Date: Sun, 10 Jul 94 14:13:26 PDT
To: cypherpunks@toad.com
Subject: Anon Mailing List
Message-ID: <199407102113.RAA06084@cs.oberlin.edu>
MIME-Version: 1.0
Content-Type: text/plain


I'm in the process of working on some perl scripts to implement a fully anonmous
 mailing list. I mentioned interest in this a month or so ago on cypherpunks, 
but i think it might have been during some of the list troubles, so many might 
have missed it. 

At any rate, I have very little unix programming experience, but since no one 
else seemed to be working on an anon mailing list, although sev eral people said 
they had given it some thought, I figured I might as well give it a try.

The basic idea is simply that anon-remailers will be used, so that the mailing 
list doesn't need anyone's real address; it can send list mail to them through 
the anon remailers using encrypted re-send to blocks. Additionally, the list 
would send out all mail pgp-encrypted with the individual keys of list members. 
(yes, this could be proccesor-time-consuming). And incoming mail would be 
required to be encrypted to the list, and signed by a list member.  And 
PGP-signature-checking would be used for authentication of unsubcribe commands, 
and such. Possibly, remote list maintanance with  signature-checking for 
authentication might be coded. 

Anyhow, I'm not sure whether I should attempt to modify some existing mailing 
list code, or just write my own from scratch (which seems like it actually might
 be easier). But I could try to modify majordomo, or more likely SmartList. 
SmartList is some scripts and recipe files for procmail to implement a mailing 
list. procmail is a incoming mail proccessing program. I want to make sure this 
stuff can be run from inside a normal user account, if neccesary, which is easy 
to do with SmartList. I'm not familiar with the inner workings of majordomo. The
 reason I'd modify preexisting stuff is because they are already set up to deal 
with rather obscure possible errors in rather complicated ways that I might not 
want to duplicate myself. But I'm not sure how significant this is, and I'd 
really rather write it from scratch myself, and not have to deal with puzzling 
through someone elses code. (Yeah, I'm lazy).  What do you all think?

I've put in a little bit of meta-level effort in writing it from scratch.  I've 
come accross DMB databases as a way of keeping the records of members 
pseudonyms, anon-remailer address blocks, and anon-remailer addresses.  Is this 
a good idea? The documentation I saw on DBM databases suggested that there might
 be a unpredicable size limitaton of 1000 bytes or so, which could conceivably 
become prohibitive with especially long encrypted remailer address blocks. But I
 don't know of any other easy way to maintain such a database. I'm _not_ going 
to write my own database maintanance code; I wouldn't know where to begin. Any 
suggestions?

I'd appreciate any input people have for me.