1996-05-21 - Re: An alternative to remailer shutdowns

Header Data

From: William Ono <wmono@direct.ca>
To: cypherpunks@toad.com
Message Hash: 732b841c4134189320572e23521ea265ae4ffb351fa80730ce8cd30c7b22773b
Message ID: <Pine.LNX.3.91.960520222459.1279A-100000@crash.direct.ca>
Reply To: <ML-1.3.1.832643128.113.don@bay.cs.byu.edu>
UTC Datetime: 1996-05-21 11:33:41 UTC
Raw Date: Tue, 21 May 1996 19:33:41 +0800

Raw message

From: William Ono <wmono@direct.ca>
Date: Tue, 21 May 1996 19:33:41 +0800
To: cypherpunks@toad.com
Subject: Re: An alternative to remailer shutdowns
In-Reply-To: <ML-1.3.1.832643128.113.don@bay.cs.byu.edu>
Message-ID: <Pine.LNX.3.91.960520222459.1279A-100000@crash.direct.ca>
MIME-Version: 1.0
Content-Type: text/plain


On Mon, 20 May 1996, Don may have written:

> Re: "permitted" list
> 
> Addresses must be hashed. 

That makes sense.  I don't think the processing time is very significant 
here.  Even using somewhere where collisions can be created is not much 
of a problem, as email addresses tend to be picky for syntax.

> Possibly auto-added to the list when mail comes
> from that address.

How would mail spoofing be prevented?  Sending mail with a given From: 
address is laughably trivial, even making Recieved: look feasable is easy. 
Having people PGP-sign their 'add' requests might work, but then anybody
can create any keys with any email address attached to it.  Asking the
remailer operator to verify each key would be unimaginable.  Sending back
acknowlegements suffers from storage problems, processing power problems,
and also makes it significantly easier for traffic analysis.  (One mail
in, one mail out, one mail in, lots of mails out.  Pairs of mails roughly 
corresponding.)

On the whole, I think the idea of 'permit lists' is good, but not one 
that is very workable under the current "structure".

IANACoNE (cryptologist or network expert)


--    ** NOTE NEW KEY **  As of 08/28/95!  Old key 0x2902B621 COMPROMISED!
William Ono <wmono@direct.ca>                                PGP Key: F3F716BD
 fingerprint = A8 0D B9 0F 40 A7 D6 64  B3 00 04 74 FD A7 12 C9 = fingerprint
PGP-encrypted mail welcome!           "640k ought to be enough for everybody."





Thread