[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SCHEME for FULL-SPEC RETURN PATH
Sorry, either I mixed it up with regular cypherpunks mail or didn't
realize you were expecting a response. To summarize your method,
messages going from the original sender to the recipient have headers like
To: recipient
X-Anon-Sender-Path:
X-Anon-Reply-Path:
where the X-A-*-P: headers have the form
remaileruser+stuff@remailersite
and "stuff" is similar-sorm stuff encrypted with a remailer's public key.
When going from the sender to the recipient, remailers take their
names off the X-A-S-P line, decrypt the stuff, and encrypt themselves
onto the X-A-R-P line, which the recipient can use to reply.
My two main problems with it are
1) It leaves the recipient's address visible the whole way.
Not only is this a security risk, but the recipient may not have made
it known, since the recipient may have set up some messy remailer-chain
using different syntax to get replies.
2) The syntax may be symmetrical, but it's ugly :-)
It would be cleaner to package it into the To: field if you can, though
the user+stuff@somewhere format seems to be an Andrewism, and the
Internet standard @somewhere.com:user@domain or user%[email protected]
forms only carry machine names, not machine and user names.
Because you're not using the standard mailer syntax,
it means that you have to build a chain of only your flavor of remailers
to get a reply to work, though I suppose almost any method has that problem.
But you run the risk of a normal machine or smart-mailer along the way
just seeing the To: [email protected] and sending it directly
instead of sending it to your remailer-user. Better to keep roughly
your same syntax, except have the To: line be only the next hop,
and the recipient's real address be hidden inside the X-A-S-P pile.
That's also more symmetric, letting you take a reply from this sort
of system and reply back to it again.
Bill