1997-12-02 - Re: Pasting in From:

Header Data

From: Charlie Comsec <comsec@nym.alias.net>
To: remailer-operators@anon.lcs.mit.edu
Message Hash: 6443ba69fe28977772ba59c36f3dbc3cfb9f5df0a91079fa93e56d4af0f7d838
Message ID: <19971202202007.11359.qmail@nym.alias.net>
Reply To: N/A
UTC Datetime: 1997-12-02 20:28:38 UTC
Raw Date: Wed, 3 Dec 1997 04:28:38 +0800

Raw message

From: Charlie Comsec <comsec@nym.alias.net>
Date: Wed, 3 Dec 1997 04:28:38 +0800
To: remailer-operators@anon.lcs.mit.edu
Subject: Re: Pasting in From:
Message-ID: <19971202202007.11359.qmail@nym.alias.net>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

"Robert A. Costner" <pooh@efga.org> wrote:

> >But you don't need a special anonymity server to do that;
> >a keyserver plus either a personna certificate or some archiving mechanism is enough.
> >The certificate shows that you're the first+only person at that
> >certificate issuer to use the name you've chosen; the archive
> >shows that the first poster using the name <nym> used PGP Key <key>.
> >I have a PGP key I use for signing pseudonyms which performs
> >the personna certificate function - I'll verify uniqueness
> >of keys that I've signed.
>  
> I was thinking of remailers sending out anon messages with a distinct from
> line that has zero connection (in the nym database) to any email address.
> Is this possible?  To establish a nym only through one way communication?

I can think of a couple of ways this could be implemented.  You could either
allow the user to select an e-mail address to use, then do an nslookup to 
verify that the domain does not exist, or else choose a domain that's actually 
nothing but a bit bucket.  The cleanest implementation might be to create a 
"bitbucket.efga.org", alias all incoming mail (except for perhaps "postmaster") 
to /dev/null, then assign  non-replyable 'nyms off of that.  That would 
eliminate the need for managing reply blocks and confirmation cookies.

This is much more preferable to these people you see who post with a From:
address of "nobody@nowhere.com", probably not realizing that nowhere.com is
actually a real domain.

But implementing such a server is still a lot more work than simply allowing
From: headers to be pasted and allowing source blocking for anyone who is
worried about being the victim of abuse of such a scheme.
  
- ---
Finger <comsec@nym.alias.net> for PGP public key (Key ID=19BE8B0D)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQEVAwUBNIRgZwbp0h8ZvosNAQGC7gf+PRUB+6Zuxns3E+BWZoM3kkzn4MD9vcip
1MvQRFRvTTdvGM4vFySYcZByv7SQJdIiVZItyzMe4qMz+Ft/xpbWUYmz3mOpws9H
RW3sbsFywNzp4pCxolKhMJ8QTQI/tHb3CHT6thHkbgjpzr4bJlL6trLKn+btY2d/
MdNq61oPCTq4YYdj9kC8WebngjfJZOvcvQhX1OLtUaagrpL8DiGxivGSz/Rdl6ZC
Yr8m8m0V/l6WA4HG3ZKTDoBz6OBxI7VROZRZdJkCRHKgScQP9/4+UYnSbew1rAhE
apoUG3Ds7kiIUoZ9gLz01sYvRRaWelIjIZLp+RfnMPvtwXexP2uA8Q==
=+uAL
-----END PGP SIGNATURE-----






Thread