From: futplex@pseudonym.com (Futplex)
Date: Fri, 8 Dec 95 03:45:23 PST
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Still more on the Digicash protocol
In-Reply-To: <199512071610.KAA16536@admin.starnet.net>
Message-ID: <199512081146.GAA06511@opine.cs.umass.edu>
MIME-Version: 1.0
Content-Type: text/plain


Lucky (wearing his MTB hat) writes:
> So when will the user pay with a wildcard coin? To make a payment to a party
> that is (pseudo-) anonymous to the payor. That is, if the payor sends the
> payment via anonymous remailer, in which case the messages should be
> encrypted anyway.
> 
> [Why a remailed message should be encrypted is left as an exercise to the
> reader.]

I don't think that's axiomatic. 

To be clear, I'm _not_ talking about encryption using the public keys of the 
remailers in a chain. I certainly do not wish to dispute the advantages of 
using those. But such encryption is just a form of link encryption. It
doesn't prevent the final remailer (or anyone between the last remailer and 
the recipient) from altering the plaintext payor_id.

It seems to me that end-to-end encryption is not significantly more important
for remailed messages. Really, there's less information in the message when
it emerges from the last remailer, so there's less to protect than in the
ordinary case. Furthermore, it may not even be feasible, since I may not have 
a public key I can associate with my correspondent.

-Futplex <futplex@pseudonym.com>