[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Remailers: The Next Generation
Cypherpunks,
I tried to send this out earlier, but I haven't seen it at my site.
I've been having problems with messages either not getting out or not
being delivered back to me, so I don't know if this made it out to
you. If not, here it is. If so, I'm sorry for the duplication.
--Tim
Forwarded message:
From: tcmay (Timothy C. May)
Message-Id: <[email protected]>
Subject: Re: Remailers: The Next Generation
To: [email protected]
Date: Sat, 22 Jan 1994 01:29:19 -0800 (PST)
Cc: tcmay (Timothy C. May)
Hal Finney has added many useful points:
> I don't know if charging for messages can be made to work. Karl has a
> remailer which requires digital tokens. You can get them for free just
> by sending an email message. But I'll bet almost no one uses them.
> Why should they, when there are free ones?
>
> That is the big problem. The free ones undercut the pay-per-use
Good point. My hunch is that "nothing is free" and the usual evolution
will be followed: initially free-but-poorly-supported capabilities,
followed by some flavor of commercial services which are in
competition with the "free" services, and then a widening gap in
quality/robustness between the free and fee services.
For example, my own Netcom service costs $17.50 a month and competes
with local free or nearly free BBS services that offer some form of
Internet access. The advantages of Netcom are sufficient to make it
worth paying for. Another example, in a different situation, is the
explosive increase in bookstores in the last 20 years, even when
libraries offer books for free. People _will_ pay for convenience,
features, robustness, etc. It may be a marketing struggle, but
eventually fee-based services seem to win out over free-but-flaky
systems.
> remailers. Unless the pay remailers offer significantly more features
> and advantages to the users, they won't be used. Especially if we are
> talking about actually mailing physical cash to the remailer operators
> in order to receive tokens, this will be terribly inconvenient and will
> further raise the threshold barrier against for-pay remailers.
I agree this is a speed bump. In fact, most folks are making very
little use of existing features (chained hops, encryption) and overall
volume seems pretty low.
Part of my reason for proposing a formal "second generation" is that
enough new features, and greater ease of use (standards, scripts,
automatic selection of routings, ratings services) may tip the balance
toward wider use. Also, the loss of penet-type servers with a
centralized point of attack (e.g., Julf's machine) may suddenly and
urgently shift the burden onto Chaumian-style distributed systems.
(Just a hunch I have.)
> So, the question is whether the value can be made large enough. Most
> of Tim's comments are focussed on the security of the remailers. For
> some applications this is important, particularly the more world-
> shaking ideas we have discussed. (And despite the skepticism I
> expressed last week about the degree to which cryptography can change
> the world, I do believe it can be a strong force for positive change.)
> If people are fighting for freedom against a powerful adversary, they
> will need the kind of security Tim is talking about.
Yes, I confess that my slant on things is toward the "ideal mix," that
extremely strong system of distributed mixes that will provide the
underpinning for the untraceable system we all want (for the reasons
of protecting privacy in a surveillance society that Hal mentioned)
and for the more radical stuff that some of us want.
Working toward the ideal digital mix seems to be the right thing to
do, as a strong foundation will make so many other things easier.
Making the systems easier to use is of course also important, and
several of my points were oriented toward this. But I agree my focus
is on making the next generation more bullet-proof.
(As an aside, more people will be willing to run turn-key remailers if
they are convinced the remailer functions are sufficiently robust to
head off charges that they knew what was flowing through their
remailers, that the system won't barf and dump a bunch of messages
into the trash or into their machine logs, and that the software will
run without their involvement. Such robustness will allow and
encourage the spread of cheap remailer boxes. Price competition on
remailer rates will make the burden of paying drop. This is the hope,
at least.)
> now. I frankly don't see improved security as a major problem that
> needs to be addressed in the short term. It's worth mentioning that
Perhaps Hal is right, perhaps not. But regardless of the exact
priorities, agreeing on some standards, some scripting conventions,
and encouraging a "pinging service" (like what Karl Barrus does with
his periodic summary, but with more statistics on delays, packet
sizes, etc.) seem like some things we need to do. Thinking of several
of these as aspects of the next plateau, the "second generation," may
help to focus energies on adding features.
> In my opinion, what the remailer network needs is, first,
> standardization, as Tim has proposed. Secondly, it needs reliability
> and robustness. Third, it needs to be easier to do two-way messaging.
I agree with all of this. I did not address two-way mail, using either
the "onions" (a kind of return-rely envelope) proposed by Eric Messick
and Hugh Daniel about a year ago, or the "pools" described by Miron
Cuperman. (Readers may recall that the "BlackNet" experiment I ran
called for respondents to encrypt their replies, with no mention of
their names or addresses, to the public key of BlackNet and then post
the cyphertext to one of several groups...thus was 2-way anonymous
communication created.)
One project that could be interesting is this: a merger or hybrid
of the distributed, hard-to-kill Cypherpunks remailers and the wildly
successful, centralized, easier-to-kill penet system of Julf. That is,
multiple penet-type sites, using mixes between. Or meshed in other
ways. The idea is to make sure that greater security against legal and
governmental action is built-in. (I realize Julf's system keeps a
mapping between real IDs and pseudonyms, and this centralized mapping
is the point of attack. Still, some decentralization, some scattering
across multiple national borders, would be useful. Perhaps something
involving secret-sharing protocols.)
Oh, and I agree with the comments a couple of people made that running
constant traffic between remailers is a good way to ensure message
latency does not result in excessive delays. We've actually talked
about this before, but nothing has been done on this.
One of the problems (also a strength) is that our various remailers
are all run by different people, on different machines, etc. They are
not like Western Union telegraph offices, with coordinated policies.
Setting up regular communications, robust connections, is thus not as
easy as it might be with uniform remailers.
(A speculative solution: a group of remailer sites can agree to form a
kind of "guild," agreeing to work together to keep uptimes high, use
standardized software, etc. All voluntary. Like franchises of
McDonalds. The participating remailers could agree to run traffic at
certain rates between their machines, work together to ensure
adequate robustness, issue a report on all of their machines, etc.
Remailers that don't want to participate can still be used, but would
likely have poorer interaction with other machines and might
eventually lose business.)
--Tim May
--
..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
[email protected] | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power:2**859433 | Public Key: PGP and MailSafe available.
--
..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
[email protected] | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power:2**859433 | Public Key: PGP and MailSafe available.