From: Ben Holiday <ncognito@gate.net>
Date: Wed, 22 May 1996 10:07:53 +0800
To: remailer-operators@c2.org
Subject: Re: An alternative to remailer shutdowns
In-Reply-To: <Pine.GUL.3.93.960520223851.489X-100000@Networking.Stanford.EDU>
Message-ID: <Pine.A32.3.93.960521152031.52974B-100000@hopi.gate.net>
MIME-Version: 1.0
Content-Type: text/plain


After pondering a bit it seems to me that the "knock knock" remailer
approach (only send anon-mail if the recipient agrees to receive it) could
be made feasable pretty easily.

Rather than hold the mail while waiting for a consent to release, you
could simply encrypt the peice of mail with a symetric algorythm on its
final hop, and send the encrypted mail to the recipient. 

At this point there are 2 options, which I havnt examined closely: The
first is that you require them to send a request for their "consent-code"
which can be used to decrypt the mail. Under this arrangment you could
possibly provide for a user to specify a specific consent code, so that 2
party's who had previously agreed to communicate could avoid "knocking".
If you strip the subject, then it would be all but impossible for a person
to include the consent code in the actual peice of mail.

The second is to simply include the
consent-code along with the encrypted peice of mail and a legal notice
stating that decryption of the mail constitutes your consent to receive
the mail, as well as your agreement to hold the remailer-operator harmless
should the mail be found to be in some way offensive. Further, the
recipient would agree to be solely liable for the contents of the mail,
etc etc.. I leave the actual agreement to the net.lawyers to figure out.

As far as I can tell an agreement of this form would be at least as valid
as the software licenses ("NOTICE: Opening this envelope constitutes your
agreement to the terms.. blah blah blah") that are commonly used today.
Also would seem to be a similar concept to "Opening the case of this
device void's your warranty" stickers on appliances.

Under this approach persons would receive mail whether they'd consented or
not (unless they requested to be blocked). But it would be difficult for
anyone to raise any serious legal issues about something they havnt read,
and impossible for them to make noise about what they read, after the
implied consent they gave when decrypting.

Under both approaches it would be wise to have a list of addresses who've
already consented, which would contain all of the known remailers..
whether or not an operator chose to have names besides remailers in the
list would be at his/her discretion.

Ben..