[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Making Remailers Widespread



I've been thinking about how to make one-way remailers a 
widespread commodity, rather than the novelty item they are today.
Doing two-way remailers would be better, but that's still a hard problem,
and I don't want to widely deploy shoddy two-way-remailers.

Suppose we add form-based remailer support to a popular SSL-equipped
HTTP server, such as Apache-SSL, by putting remailer.pl and a 
remailer form in the default setup, which would deploy hundreds of remailers
with minimal effort.  What would we have to do to make it work well,
rather than turn into a public relations disaster and spam explosion?

- The remailer script would have to add disclaimers at the beginning
and/or end of the message reminding readers that the message is
anonymous, and to contact the remailer cabal rather than the postmaster.

- Blocking becomes a big problem - it's annoying enough now,
when there are a small number of remailers with hard-working operators;
we'd need some sort of automated blocking support to make it
usable by relatively non-involved operators

- A centralized block list (e.g. http://www.remailer.net/block.txt)
which all of the form-based remailers could load and reference would
allow non-picky operators not to have to handle it themselves

- Implementing the blocking list as a web form for people who
want to be blocked would make it relatively painless to use;
remailer-operators wouldn't have to transcribe email from the
remailer-operators list to use it, which helps with other problems.

- Of course, once anybody can fill out their name and ask to be
blocked, it's possible for spoofers to block people who don't want to be.
One approach for preventing this is to implement a three-way handshake 
        - user fills out form, form mails back blocking notice with cookie, 
                user returns cookie to complete blocking
        - this is a bit messier for mailing lists, but we can ignore...
        - special-case for "postmaster", who may want to block
                all of foo.domain instead of just [email protected]
        - special-special-case for postmasters of big sites, e.g. aol, netcom,
                who we may want to ignore?
- A sender-blocking list is harder, and may still take human attention

- remailer chaining - allow user to put in another Apache-remailer site
        so we don't have to limit the chaining to known short list of sites.
        The remailer.pl can send an https foo.bar.com remailer.pl PUT
- The remailer form can probably just have field for second site, if empty
don't use.
        I suppose remailer.pl could also automagically add that in when it
posts.

Technical question:
- How do we initiate an http or https PUT from a script?
        I assume there's probably some perl add-in for posting http/https?
        Is there a command-line-shell interface that can fetch URLs?


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 [email protected]
# <A HREF="http://idiom.com/~wcs"> 	
# You can get PGP software outside the US at ftp.ox.ac.uk/pub/crypto