From: Antonomasia <ant@notatla.demon.co.uk>
Date: Tue, 30 Sep 1997 07:49:18 +0800
To: cypherpunks@ssz.com
Subject: T1 insecurity (was Re: Remailers and ecash)
Message-ID: <199709292229.XAA03853@notatla.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



shamrock@cypherpunks.to:

> Once you have all the mail going in and out, you make use of the simple
> fact that Type 1 messages must shrink with each hop. See the classic
> essay "Mixmaster & Remailer Attacks" at
> http://www.obscura.com/~loki/remailer/remailer-essay.html

This describes a pure Type 1 without a remix feature.  This idea
due to Andy Dustman allows Type 1 and 2 remailers on the same
host to cooperate, hiding the message size and type.  Another
fault of pure Type 1 blocks when reused is that they are easily
recognisable as the same stage of the same block on different occasions.
You can do sneaky things with cutmarks, but it doesn't buy you much.
You can point your reply blocks to a message pool, so avoiding the
worst effects of Type 1.

You still (even with mixmaster) have the timing issues involved with
addresses that communicate regularly.

> If you run a Type 1 remailer, do your users a favor: shut it down and
> replace it with a Type 2.

Say this when there's a good way to receive anonymous email.
The sooner the better.  Meanwhile all Type 1 remailers should remix.

And as far as fitting ecash into headers is concerned: Ulf and I
think that you could cannibalize the 2nd header to contain the
cash. (We were talking about hashcash in fact.) You'd need to
avoid sending cash to remailers that wouldn't read it, and you'd
reduce the maximum number of hops permissible.  I was meaning to add
hashcash to these remailers.  Lucky's persuaded me not to do it to t1.

--
##############################################################
# Antonomasia   ant@notatla.demon.co.uk                      #
# See http://www.notatla.demon.co.uk/                        #
##############################################################