[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: contemplating remailer postage





Matthew J Ghio writes:

> How about this: 

> 

> Issue numbered stamps sequentially.  Encrypt them and
> add a cryptographic checksum to each stamp.  You then
> create a database such that one bit of data corresponds to
> one stamp.  With a mere 64K database, you could issue and
> keep track of 524288 postage stamps.  That ought to last
> you a few years.  (At 100 letters a day, it would last over 14
> years.  Most cypherpunk remailers get considerably less
> than 100 emails a day.)
> 

> 

> 


If the remailer constructs the stamp, rather than just signs it blindly,  
it could keep a log of which stamps were issued to which users.  The  
remailer could then use this information to figure out the original sender  
of a stamped message regardless of how many other remailers the message  
passed through.

To thwart this, users would have to purchase stamps anonymously.  However,  
this begs the question: How does the user anonymously purchase stamps for  
the first remailer?  I suppose you could use "free" remailers to send  
anonymous purchase requests to stamp-issuing remailers.

The system I described does not require you to purchase stamps  
anonymously.  You can purchase stamps directly from each remailer without  
giving the remailer the opportunity to record which stamp went to which  
user.  To understand why this is true you need to understand how blind  
signatures work.  The book "Applied Cryptography (Bruce Schneier)" gives a  
good description of the properties of blind signatures.  That is how I  
learned about them.

The remailer could still record the fact that you purchased stamps, thus  
alerting the bad guys that you plan to use the remailer system.  However,  
I don't think it is possible to prevent the bad guys from learning that  
you use remailers.  I assume the bad guys will be logging all traffic to  
the remailers and would learn about your use of remailers, stamps or no  
stamps.


[email protected]