1997-12-15 - Re: remailer hashcash spam prevention

Header Data

From: “Robert A. Costner” <pooh@efga.org>
To: Adam Back <aba@dcs.ex.ac.uk>
Message Hash: c42b0b4f57dc371518243c22207122dce29474124965f788f701f596652df5e2
Message ID: <3.0.3.32.19971215000026.03899328@mail.atl.bellsouth.net>
Reply To: <3.0.3.32.19971213110625.032e7afc@mail.atl.bellsouth.net>
UTC Datetime: 1997-12-15 05:07:23 UTC
Raw Date: Mon, 15 Dec 1997 13:07:23 +0800

Raw message

From: "Robert A. Costner" <pooh@efga.org>
Date: Mon, 15 Dec 1997 13:07:23 +0800
To: Adam Back <aba@dcs.ex.ac.uk>
Subject: Re: remailer hashcash spam prevention
In-Reply-To: <3.0.3.32.19971213110625.032e7afc@mail.atl.bellsouth.net>
Message-ID: <3.0.3.32.19971215000026.03899328@mail.atl.bellsouth.net>
MIME-Version: 1.0
Content-Type: text/plain



At 11:19 PM 12/13/97 GMT, Adam Back wrote:
>> If there is in fact a requirement that the sender generate the hashcash,
>> then I am not sure this will work.  A nym reply block possibly does not
>> lead to an exit address, but rather to another reply block.  In fact, this
>> should always be the case.  
>
>I am not sure I understand the comment above.  Why should a reply
>block always point to another reply block?
...
>To point the whole reply block back to another newnym address adds
>additional protection but I would have thought most people use only
>one reply block.

If a person sends email from the source that also houses his nym identity,
then all of the eggs are in one basket.  A nym that points to another nym,
that perhaps points somewhere else like hotmail is needed.  Using only one
nym is about as safe as not using encryption.  It's fine for most purposes,
but can be broken.

I have gotten telephone requests from police, attorney general prosecutors,
private detectives, and others that ask for the identity of a remailer user
to be identified.  These are refused.  But I don't play games.  My response
is always I don't know, but if I did, I wouldn't tell you.

The attack on a single reply block is simple.  If the remailer machine is
seized, or if a VALID court order is received, we would turn the name over.
 (if anything about the request is incorrect, then we would refuse the
request and do so legally)  If we pull up the nym HashMan@anon.efga.org and
discover it is aba@dcs.ex.ac.uk then the anonymity is over.  If however it
points to MrHash@anotherremailer then the identity is preserved a little
bit longer.  The only way to breach this is to seize all remailers at the
same time.

Better security would be had by having a public nym that receives email,
and a private nym that delivers email.

  -- Robert Costner                  Phone: (770) 512-8746
     Electronic Frontiers Georgia    mailto:pooh@efga.org  
     http://www.efga.org/            run PGP 5.0 for my public key






Thread