Re: REMAIL: pseudo-account remailer @andrew gains anonymous feature

[Ed Carp <ecarp@netcom.com>]

On Sat, 9 Apr 1994, Matthew J Ghio wrote:

> Ryan A. Perkins wrote:
> 
> > >An encrypted reply address is created for the sender of the anonymous
> message.
> >
> > What happens if I already have an encrypted reply address? What happens
> > if I already have SIX encrypted reply addresses? Which one is used?
> > Or is *another* one created?
> 
> Another one is created, since no records are kept of what addresses you
> already have.
> 
> I am somewhat unsure of what to do in this situation.  As I have it set
> up now, it will always create the same address for replies (but you can
> still get as many different ones as you like from mg5n+getid@andrew...) 
> so if you send two messages to mg5n+anxxx... addresses, they will both
> have the same reply address.  I could change this and have it create
> different ones each time, which would preserve anonymnity better, but
> this could lead to confusion when replying to messages, because it'd be
> difficult to tell if two messages came from the same person or not.  I
> suppose a more complicated system could be set up where the users would
> specify which reply address they wanted to use, or where replying to a
> certain address would always allocate the same reply-id.  Any
> suggestions?

How about generating a secure hash and using that as an index into a 
table?  If there's an address already there, use that - otherwise, 
generate one.

Generate the hash from the incoming address, of course.  That way, you 
don't need to keep track of anon-id-to-real-id mappings, yet guarantee 
that each user has one and only one anon address. Of course, folks coming 
in from different hosts will have different anon ID's.

Or have I missed some blindingly obvious technical point thaqt would make 
this impossible?