From: jim@bilbo.suite.com (Jim Miller)
Date: Wed, 28 Sep 94 10:00:25 PDT
To: cypherpunks@toad.com
Subject: Re: FORTRESS REMAILERS
Message-ID: <9409281659.AA02045@bilbo.suite.com>
MIME-Version: 1.0
Content-Type: text/plain



To my mind, remailer vulnerability starts with the Net addresses used to  
send to them and send from them.  It seems to me that a fortress remailer  
must have solve two problems:

   1) Getting a message to the remailer without knowing the remailer's Net  
address.
   

   2) Sending a message from the remailer without revealing a Net address.
   


Problem 1 can be easily solved by having users send messages to various  
new groups the remailer scans.  The messages would be encrypted with the  
remailer's public key.  The remailer continuously scans for new messages  
encrypted with its public key.  When it finds one, it decrypts it and  
processes it.

Problem 2 it the tricky part.  How can the remailer inject a message back  
into the public Net without revealing its Net-location?  If the remailer  
could sovle this problem, then why couldn't everybody use the same  
solution, eliminating the need for remailers?  The one possibility is that  
the solusion requires something that most average users can't do or can't  
acquire economically (i.e. most everybody can grow their own food, but why  
bother).

I haven't come up with any really good ideas here.  Here are a couple  
thoughts:

a) Using various hacker tricks to forge "From:" e-mail addresses.

b) Use short-lived addresses.  Set the remailer up some how so it can  
frequently acquire new e-mail addresses.  Each address would only be used  
to forward a limited number of messages, and then it would be abandoned.


Jim_Miller@suite.com