SCHEME for FULL-SPEC RETURN PATH
-----BEGIN PGP SIGNED MESSAGE-----
This is a portion of mail that I sent to Bill Stewart. Since Bill seems too
busy to send a critique, could someone else comply, please?
Jon Boone | PSC Networking | [email protected] | (412) 268-6959 | PGP Key # B75699
PGP Public Key fingerprint = 23 59 EC 91 47 A6 E3 92 9E A8 96 6A D9 27 C9 6C
- ------- Forwarded Message
Date: Thu, 03 Feb 94 13:45:31 -0500
From: "Jon 'Iain' Boone" <[email protected]>
How secure do you think this is?
Three remailers:
[email protected]
[email protected]
[email protected]
Originator: [email protected] (really igi.psc.edu, as Message-ID: shows)
Receiver: [email protected]
()Ka == contents inside () are encrypted with Public Key of A
mail addressed to random+*@foo.edu == mail to user [email protected],
    random's mail processor will deal with the +*
The sender must encrypt his/her own address with the public key of the
first remailer and put it in the X-A-R-P: field.
Upon receipt of a message with X-A-S-P: set to non-empty, the re-mailer
will strip off its portion of the address and decrypt the rest with its
private key.
It will add itself to the X-A-R-P: and encrypt it in the public key of
the next remailer on the X-A-S-P:
If there is nothing in the X-A-S-P: (after having removed its own address),
then it needs to be sent to the To: address, so we set the From: address to
be the contents of the X-A-R-P: with its own address pre- & post- pended.
That way, the recipient need not change his/her mail agent to respond via
the X-A-R-P: (or even need to include the X-A-S-P: in the outgoing response).
If the message doesn't have an X-A-S-P:, the remailer checks the "To:"
for the contents of what would have been the X-A-S-P: with its own address
pre- & post- pended. By stripping off its own address and de-crypting the
resultant, it has the next address to send it to.
Barring wire-tapping, your privacy is susceptible in the logs (syslog, etc.)
of the first remailer (a.edu in my example) or if all the RSA-keys for
a.edu, b.com and c.org are broken. To dampen wire-tapping, you could encrypt
the contents of the message with padding, making traffic analysis more
difficult.
Comments?
IGI.PSC.EDU:
To: [email protected]
X-A-S-P: anon1+"(anon2+"([email protected])Kb"@b.com)Ka"@a.edu
X-A-R-P: ([email protected])Ka
From: [email protected]
Message-Id: <[email protected]>

A.EDU:
To: [email protected]
X-A-S-P: anon2+"([email protected])Kb"@b.com
X-A-R-P: (anon1+"([email protected])Ka"@a.edu)Kb
From: [email protected]
Message-Id: <[email protected]>

B.COM:
To: [email protected]
X-A-S-P: [email protected]
X-A-R-P: (anon2+"(anon1+"([email protected])Ka"@a.edu)Kb"@b.com)Kc
From: [email protected]
Message-Id: <[email protected]>

C.ORG:
To: [email protected]
X-A-R-P: anon3+"(anon2+"(anon1+"([email protected])Ka"@a.edu)Kb"@b.com)Kc"@c.org
From: anon3+"(anon2+"(anon1+"([email protected])Ka"@a.edu)Kb"@b.com)Kc"@c.org
Message-Id: <[email protected]>

ANCHOR.HO.ATT.COM: (Reply)
To: anon3+"(anon2+"(anon1+"([email protected])Ka"@a.edu)Kb"@b.com)Kc"@c.org
From: [email protected]
Message-Id: <[email protected]>

C.ORG:
To: anon2+"(anon1+"([email protected])Ka"@a.edu)Kb"@b.com
From: [email protected]
Message-Id: <[email protected]>

B.COM:
To: anon1+"([email protected])Ka"@a.edu
From: [email protected]
Message-Id: <[email protected]>

A.EDU:
To: [email protected]
From: [email protected]
Message-Id: <[email protected]>

Of course, some work would be necessary to accommodate double-blind
conversations.
-----BEGIN PGP SIGNATURE-----
Version: 2.3a
iQCVAgUBLV92F4SAMUrxt1aZAQErUQQAggfMfjxAXS0rk9AL5uZTNN9adGNJqMvF
gC5QSlgSki2bmUzfeoq/2cSpdUx7vX9LPCGd88+RnnouyhCDhK0a6fOLGgEDrtar
miKGU11Ernt/bQC6gwvBa+KuD7pceLM2mPGw9NLxLMwwajP/U6CxL2/bMXIQhxZ0
eMTM76QuEwE=
=tfVg
-----END PGP SIGNATURE-----
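
The header rewriting proposed in the message above, traced through all three remailers and back, as an added example that is not part of the original mail. Encryption is modelled symbolically with the message's own "(x)Ka" notation rather than real public-key operations; the function names and the addresses alice@origin.example and bob@dest.example are constructed for illustration.

```python
# Symbolic model: "(x)Ka" stands in for x encrypted to remailer a's public key.
# No real cryptography is done; dec() only unwraps a blob made for that key.
HOPS = [("anon1", "a.edu", "a"), ("anon2", "b.com", "b"), ("anon3", "c.org", "c")]
KEY_OF = {host: key for _, host, key in HOPS}

def enc(text, key):
    return f"({text})K{key}"

def dec(blob, key):
    if not (blob.startswith("(") and blob.endswith(f")K{key}")):
        raise ValueError(f"blob is not encrypted to K{key}")
    return blob[1:-len(f")K{key}")]

def wrap(user, blob, host):
    return f'{user}+"{blob}"@{host}'

def strip_own(addr, host):  # drop this remailer's shell; "" if nothing nested
    local, _, dom = addr.rpartition("@")
    if dom != host:
        raise ValueError(f"{addr} is not addressed to {host}")
    return local.split('+"', 1)[1][:-1] if '+"' in local else ""

def build_send_path(hops):  # sender nests hops; each can decrypt only the next
    user, host, _ = hops[-1]
    path = f"{user}@{host}"
    for user, host, key in reversed(hops[:-1]):
        path = wrap(user, enc(path, key), host)
    return path

def forward(msg, user, host, key):
    """Outbound hop: peel X-A-S-P, grow X-A-R-P; the last hop sets From instead."""
    inner = strip_own(msg["X-A-S-P"], host)
    ret = wrap(user, msg["X-A-R-P"], host)
    if not inner:  # nothing left to route: deliver to To: with a replyable From:
        return {"To": msg["To"], "From": ret}
    rest = dec(inner, key)
    next_key = KEY_OF[rest.rpartition("@")[2]]
    return {"To": msg["To"], "X-A-S-P": rest, "X-A-R-P": enc(ret, next_key)}

def run(sender, receiver):
    msg = {"To": receiver, "X-A-S-P": build_send_path(HOPS),
           "X-A-R-P": enc(sender, HOPS[0][2])}
    trace = []
    for user, host, key in HOPS:
        msg = forward(msg, user, host, key)
        trace.append((host, msg))
    to = msg["From"]
    for _, host, key in reversed(HOPS):  # reply path: each hop peels its own layer
        to = dec(strip_own(to, host), key)
    return trace, to
```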