From: Jiri Baum <jirib@sweeney.cs.monash.edu.au>
Date: Wed, 18 Oct 95 18:21:36 PDT
To: hfinney@shell.portal.com (Hal)
Subject: Re: Anonymity: A Modest Proposal
In-Reply-To: <199510181636.JAA17879@jobe.shell.portal.com>
Message-ID: <199510190120.LAA29179@sweeney.cs.monash.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hello,

Hal <hfinney@shell.portal.com> wrote:
 
(replying to Eli Brandt <eli@UX3.SP.CS.CMU.EDU>)

> I think splitting the message would be OK, but then the question is who
> is responsible for reassembling it?  If there were a "reassembly
> server" which took such messages, assembled them, and forwarded them,
> then we would be right back where we started from.  If the end user is
...

Not really. Wouldn't there be a different politic to reassembling
messages as opposed to anonymous remailing?

Such a reassembly server could cooperate with the authorities, nay, even
precede each message with a PGP-signed list of where the various pieces
came from. On second thoughts that last is a bad idea (because
you might want the first line to be eg a reply block), but such a list
could be published on WWW by Message-ID (or Subject, or ...).

The remailers thus implicated have the defence that they could not possibly
have known the contents of the message, because it was split.

Actually, the same end can be achieved by having a non-anonymous remailer,
which simply decrypts and mails - and cooperates with the authorities.
It doesn't even need to strip the headers. However, such a thing would
probably have no other function than this so it might be harder to run.

(A reassembly server would have the stated function of implementing
k-of-n splits, eg for key/document escrow etc. Pieces coming in anonymously
would be merely permitted, not expected.)


BTW: s1018954@aix2.uottawa.ca wrote:

> On Wed, 18 Oct 1995, t byfield wrote:
...
> > header-forging: it's a practical fact of the net, and one that maybe
> > shouldn't be overlooked on (basically vague) 'moral' grounds, any more than
> 
> The courts can't overlook it either. There goes liability. If I posted 
> pirated software from this account, according to what you're saying, I could 
> claim a forgery and show reasonable doubt.

I understand that a post of mine on Cypherpunks had certain piece
of CoS scripture added to it. The original post was signed, and the
person or persons responsible did not attempt to include the
addition within the signed part (merely attached it to the end) so
the signature still checked out.

Even on cypherpunks somebody replied to that addition with the
attribution "Jiri Baum wrote" without noting it wasn't signed by me.

(Called it "drivil", too, but I guess that's between him, his English 
teacher and the CoS.)

"Richard Martin" <rmartin@aw.sgi.com> replied to s.:

...
> *If* we were all wonderful little cypher-junkies and signed
> everything, then we might plausibly be able to deny forged mail: "I
...

Well, I sign everything, don't I? (Somebody please tell me if I don't.)

No I don't have it hard-coded into my mailer. However it's easy enough
to do as it is:
  ":w qqq", switch windows or ^Z, "pgp -sat qqq", go back, "dG:r qqq.asc".

...
> I'm looking forward to the point where my mail reader will sort things
> according to reputations I give correspondents, and perhaps flag mail
...

Yup. Why don't you write one? ("cypherpunks write code")


Hope that makes sense...

Jiri
- --
If you want an answer, please mail to <jirib@cs.monash.edu.au>.
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMIWnqCxV6mvvBgf5AQH5rgQAuQb2Q86dlORTGyByuZA9Uw1P+66gqune
FWWc6uNFYysP6pjX0kl+Z3BVlYLJieRrY5wO/J1pJDOXcJC4NqAShfW8gXpA0F27
kkNc9yE+418ppdF5tyInjOGAHdeQyLQ0Klqthb2lBXo7pjAagEc9wXnlCRT8sj1i
9FXXZ4yDgjs=
=Bnu1
-----END PGP SIGNATURE-----