1996-01-22 - More thoughts about digital postage (was Re: Digital postage and remailer abuse)

Header Data

From: abostick@netcom.com (Alan Bostick)
To: cypherpunks@toad.com
Message Hash: 8a933bea47236ac36a189547efa97a94809b5bae1679a85fbe0c963c966cb8a2
Message ID: <T67Ax8m9LMNe085yn@netcom.com>
Reply To: <v02120d02ad1ce02500bc@[192.0.2.1]>
UTC Datetime: 1996-01-22 17:59:27 UTC
Raw Date: Mon, 22 Jan 96 09:59:27 PST

Raw message

From: abostick@netcom.com (Alan Bostick)
Date: Mon, 22 Jan 96 09:59:27 PST
To: cypherpunks@toad.com
Subject: More thoughts about digital postage (was Re: Digital postage and remailer abuse)
In-Reply-To: <v02120d02ad1ce02500bc@[192.0.2.1]>
Message-ID: <T67Ax8m9LMNe085yn@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

People asked in earlier in this thread how remailers could issue digital
postage stamps without being able to know who is using which stamp issued.

One obvious approach is to use blind signatures.  Rather than issuing
a stamp to the user who requests/purchases it, the user could send
an unsigned stamp, encrypted in an RSA envelope, to the remailer.  The
remailer would then blind-sign the envelope and return it to the user.
The user then decrypts the envelope and has a stamp ready for use.

At the time of use, the remailer checks the signature.  If it is valid,
it checks to see if the stamp has been used before.  If so, it forwards
the message to /dev/null; if not, it records the stamp (or perhaps a
hash of the stamp) in its database.

How does the remailer know that it is signing a stamp rather than (say)
money orders, or a confession of sending kiddy porn over the net?  The
textbook answer is to use a cut-and-choose protocol -- which requires
some subsequent communication with the user.  But I'm not convinced that
this is necessary. If the remailer's postage key is used only for
postage and known to be used only for postage, then tricking it into
signing something else would have the same significance as "signing" a
paper check with the Pitney-Bowes postage meter.

I'm assuming that the postage stamp would look something like:

- -----BEGIN POSTAGE STAMP-----

Kibo's remailer <remailer@happy.net> 3FA610092DB3FE12554AE98F66705601

- -----END POSTAGE STAMP-----

where the random bits are generated by the user prior to submission to
the remailer.  (Actually its appearance would be
implementation-dependent, of course.)

This is all cryptology 101, of course, but hey, it's a start.

- -- 
   Alan Bostick             | He played the king as if afraid someone else 
Seeking opportunity to      | would play the ace.
develop multimedia content. |      John Mason Brown, drama critic
Finger abostick@netcom.com for more info and PGP public key

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMQPF+uVevBgtmhnpAQEgAQL/aYgGUvvW4jTLSnqxheid006I85sUdk2H
l4GxtjW7obMI8rZ0c4kEYsXHnbDyFaREOpSjhSDzeqV2pkogesea0j/xXRqM7UQ3
hG5NBc56Nhr78+hqIOuyo3t6RaRjXi75
=qYXn
-----END PGP SIGNATURE-----





Thread