[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
A novel (?) return address idea
It seems clear now that the default behavior of the anon.penet.fi
remailer (generating only one anonymous ID per user, and anonymizing
all messages to other anon users with that ID) is inadequate. At the
same time, Julf argues persuasively that users have come to expect
that their replies to anonymous Usenet articles will be anonymized.
The current na/an address workaround is okay, but I think we could do
better.
Here's my scheme:
When a user first mails to or through a penet-style remailer, the
remailer software will automatically allocate an ID for the sender's
return address, as usual. _But_, it will keep this number secret, in
an internal database. Let's consider this ID to be a binary number.
The remailer appends to this ID number some "salt" bits (random bits,
perhaps with some time-stamp info to guarantee that the same salt
bits are never applied twice, if the RNG is weak). This collection
of bits is then encrypted with a secret key only the remailer knows
(note: this should _not_ be the secret half of a public/private key
pair, for reasons that should become clear). The encrypted bit
string is converted by a uuencode/armourtext process that produces
characters that will be legal for an e-mail address. This is then
used for a return address.
When someone wants to reply to an anonymous message or post, the
remailer decrypts the address, ignores the "salt" bits, looks up the
anonymous ID in its database, and sends it on to the desired
recipient.
The advantage of this scheme is that no two messages will have the
same return address, and no information about the sender can be
gleaned from the return address; yet the remailer can allow replies
to every message without keeping any more records than it does under
the current version.
A couple disadvantages could be running out of bits for the return
address, and adding more encryption work for the remailer. You'd
definitely have to own the machine, and implement some, er, different
mailing software, since you'd have to accept mail for users with any
random name whatsoever. And, of course, this method is only useful
for penet-style remailers, not cypherpunk/mixnet remailers which
should not remember anything about messages that pass through.
What do you all think about this for a "Mark II" anon.penet.fi?
Joe