[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: contemplating remailer postage
Matthew J Ghio writes:
> How about this:
>
> Issue numbered stamps sequentially. Encrypt them and
> add a cryptographic checksum to each stamp. You then
> create a database such that one bit of data corresponds to
> one stamp. With a mere 64K database, you could issue and
> keep track of 524288 postage stamps. That ought to last
> you a few years. (At 100 letters a day, it would last over 14
> years. Most cypherpunk remailers get considerably less
> than 100 emails a day.)
>
>
>
If the remailer constructs the stamp, rather than just signs it blindly,
it could keep a log of which stamps were issued to which users. The
remailer could then use this information to figure out the original sender
of a stamped message regardless of how many other remailers the message
passed through.
To thwart this, users would have to purchase stamps anonymously. However,
this begs the question: How does the user anonymously purchase stamps for
the first remailer? I suppose you could use "free" remailers to send
anonymous purchase requests to stamp-issuing remailers.
The system I described does not require you to purchase stamps
anonymously. You can purchase stamps directly from each remailer without
giving the remailer the opportunity to record which stamp went to which
user. To understand why this is true you need to understand how blind
signatures work. The book "Applied Cryptography (Bruce Schneier)" gives a
good description of the properties of blind signatures. That is how I
learned about them.
The remailer could still record the fact that you purchased stamps, thus
alerting the bad guys that you plan to use the remailer system. However,
I don't think it is possible to prevent the bad guys from learning that
you use remailers. I assume the bad guys will be logging all traffic to
the remailers and would learn about your use of remailers, stamps or no
stamps.
[email protected]