1998-05-15 - Non-anonymous remailers

Header Data

From: Anonymous <nobody@REPLAY.COM>
To: cypherpunks@toad.com
Message Hash: 30ee7381d43bbe5bd975601aa460ad090ecc52676ef7116c5fb1932469e6f953
Message ID: <199805150215.EAA08803@basement.replay.com>
Reply To: N/A
UTC Datetime: 1998-05-15 02:15:40 UTC
Raw Date: Thu, 14 May 1998 19:15:40 -0700 (PDT)

Raw message

From: Anonymous <nobody@REPLAY.COM>
Date: Thu, 14 May 1998 19:15:40 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Non-anonymous remailers
Message-ID: <199805150215.EAA08803@basement.replay.com>
MIME-Version: 1.0
Content-Type: text/plain

Recently a new technology has been proposed: non-anonymous remailers.

A non-anonymous remailer separates the two traditional functions of the
remailer network: anonymity and avoiding traffic analysis.  Because the
network provides both of these features, some people may not be aware
that they are distinct.

Anonymity means that no one can tell who sent a message.  Neither the
recipient, the remailers, or an eavesdropper can know the source of
a message.

Avoiding traffic analysis means making it impossible for the path a
message takes through the network to be traced, either by the remailers
or by third parties.

A non-anonymous remailer avoids traffic analysis but does not provide
anonymity.  The recipient can tell who the sender of a message is,
but no one else can, neither the remailers nor eavesdroppers.

There are several ways to achieve this cryptographically.  The general
idea is that the sender of the message must sign it with a valid public
key (one signed by a CA trusted by the remailer network).  This signature
is hidden from everyone but the recipient because the message is encrypted
for the recipient.  However the sender can use variants of zero knowledge
proofs to demonstrate that inside the encryption there is a signature
which satisfies the requirements.

The remailer net will only deliver a message to an end user if it is able
to verify that the message, when decrypted, will be properly signed.
This assures that the end user will be able to determine who sent the
message, while no one else will.

Non-anonymous remailers would be suitable for cases where people do
not want eavesdroppers to know with whom they are communicating, but
where they don't need to be anonymous to their communication partners.
A financial house's merger and acquisitions department, for example,
would not want third parties to know with whom they are exchanging
email.  A surveillance target will want to hide the identities of his
co-conspirators.  An employee who is considering changing jobs will
not want his employer to know that he is sending email to a competitor.
Many similar examples exist.

Non-anonymous remailers would also have the advantage that they would be
much less prone to abuse than anonymous remailers.  Sending a harrassing
message or commercial spam through a non-anonymous remailer would be
pointless.  It might as well have been sent directly, since the remailer
does not hide the sender's identity from the recipient.

In summary, non-anonymous remailers prevent traffic analysis without
providing anonymity.  This more limited functionality renders the remailer
less vulnerable to abuse and misuse, while providing protection which
will be adequate for many situations, and which may be especially
appropriate for the business environment.

25BA1A9F5B9010DD8C752EDE887E9AF3 [Cantsin Protocol No. 2]
-AE8 AE8