From: Anonymous <nobody@REPLAY.COM>
Date: Thu, 14 May 1998 19:15:40 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Non-anonymous remailers
Message-ID: <199805150215.EAA08803@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain


Recently a new technology has been proposed: non-anonymous remailers.

A non-anonymous remailer separates the two traditional functions of the
remailer network: anonymity and avoiding traffic analysis.  Because the
network provides both of these features, some people may not be aware
that they are distinct.

Anonymity means that no one can tell who sent a message.  Neither the
recipient, the remailers, or an eavesdropper can know the source of
a message.

Avoiding traffic analysis means making it impossible for the path a
message takes through the network to be traced, either by the remailers
or by third parties.

A non-anonymous remailer avoids traffic analysis but does not provide
anonymity.  The recipient can tell who the sender of a message is,
but no one else can, neither the remailers nor eavesdroppers.

There are several ways to achieve this cryptographically.  The general
idea is that the sender of the message must sign it with a valid public
key (one signed by a CA trusted by the remailer network).  This signature
is hidden from everyone but the recipient because the message is encrypted
for the recipient.  However the sender can use variants of zero knowledge
proofs to demonstrate that inside the encryption there is a signature
which satisfies the requirements.

The remailer net will only deliver a message to an end user if it is able
to verify that the message, when decrypted, will be properly signed.
This assures that the end user will be able to determine who sent the
message, while no one else will.

Non-anonymous remailers would be suitable for cases where people do
not want eavesdroppers to know with whom they are communicating, but
where they don't need to be anonymous to their communication partners.
A financial house's merger and acquisitions department, for example,
would not want third parties to know with whom they are exchanging
email.  A surveillance target will want to hide the identities of his
co-conspirators.  An employee who is considering changing jobs will
not want his employer to know that he is sending email to a competitor.
Many similar examples exist.

Non-anonymous remailers would also have the advantage that they would be
much less prone to abuse than anonymous remailers.  Sending a harrassing
message or commercial spam through a non-anonymous remailer would be
pointless.  It might as well have been sent directly, since the remailer
does not hide the sender's identity from the recipient.

In summary, non-anonymous remailers prevent traffic analysis without
providing anonymity.  This more limited functionality renders the remailer
less vulnerable to abuse and misuse, while providing protection which
will be adequate for many situations, and which may be especially
appropriate for the business environment.

25BA1A9F5B9010DD8C752EDE887E9AF3 [Cantsin Protocol No. 2]
092AA1EC9926D468F8964B8EF537DDC1782A1281
5838A82465D8E6D05769B3A837D8C43CBF2C5500
-AE8 AE8
523DDCB64EAE3A8826583353B8A8B57D23952CEDE5605AF95605A60D8735040FD63CD0CAA1E3A35B946A8828565A9BD77AF301BFA40AC04C762F3A0ADFE6CE3B516D02A3E705167D43B04E1EBAB96F1875129BDF4E13B8F2023B72C3AE56A4102C24CF55213E3DF801A1451C92D94D3CC52D195EADBA8CF4BB7A976A7A1A3126EB8B7CA243DEC78665D7BA797BCA95EA5C8EA41B620C7F1BCE9662869B65F7E710A89CADD9DDF8CBE9265F057131067CA630F138D5AA5E4DAA19B1ECC6193A2A191CF7C5DD89B71590297189A60609A824A7A494A4944B37048DD2F8F0E510DA767E54C02F3E21DE6FFFB29D7B53607DD3920283B1ACC82FE1CAA0C5DD872EF6
2CD5E0D37250DE32D9A1A7229DB8D9DC5F3CA35BFD7E3F7F09612F4444ABE4FAB47097F9BF4D82DDD2FD5FF7770B1F80369EEBC9703265DE03B24ABEA9E584839569156638A5D21005CF06550392B45076B3026E25104F91B59FB994E89B4F15A168790CAC3ADD030EBC06E5C96086FBF7B17369E4D102725FA779784BACD67812B39E71003FE4741B57ECF814A1053F290F46FD07F48E5DA586FECCA62D3ABC54C15D8652F1FFDCE8D7C312486BC643F9AFE70518084644293643DF638172545B08D93CF6E2664211330A4555E8774B665C9CA344ABB698B6C709E767F9ECB8F78DB4B12F2271D15DC8D5A9E355A9C0F6CC413906E188A52B1AEB6009BAC5EA