[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: dispatches from the front lines of anonymity



X-Real-Subject: Re: not assigning IDs for alt.whistleblower
X-Real-From: Richard M. Nixon
X-Real-Message-Body-Begin:
It's probably a reasonable policy - anybody who wants to can add a 
signature line or equivalent giving themselves a pseudonym, and
if they want private replies they can provide a PGP or RIPEM public key.
A clean way to avoid the problem of encrypted replies cluttering up the
newsgroup is to also create alt.whistleblower.followup or a.w.crypt,
with similar non-assignment of ids, so readers can easily skip over
the crypted private replies.
If some whistleblower, or some whistlelistener, is more trusting,
they can even post their an12345 address.

I *would* recommend the following policies -
- accept email in PGP, RIPEM, and also unencrypted MIME, X.400, and vanilla 
	formats- not everybody who wants to blow a whistle has the right-shaped
	whistle handy.  
- publish an "official" method for defining what part gets posted - e.g.
	Anonymous-Subject: Use me instead of the main header Subject:
	Begin-Anonymous-Message-Body:    .....
	End-Anonymous-Message-Body:
	as part of the *text* of the message, so that people with different
	mailers can be sure about what parts get kept and what don't -
	it would be real annoying to have the signature-stripper delete
	the good parts of a message because they looked like signatures,
	or leave on the signatures because they looked like text,
	but some mailers won't let your do what you want with headers.
	Also publish a policy for messages that _don't_ contain them.

	A proper approach might be to use the MIME headers, but accept them
	from inside the message body as well as from the headers of
	proper MIME messages, so people can do them by hand.
	This has the added advantage of supporting Content-Transfer-Encoding:
	headers so you can tell more easily which encryption was used,
	and so senders of unencrypted messages can use compression or 
	rot13 :-) to avoid having their message sent in obvious ascii.
	
X-Real-Signature:		"Maybe I _was_ a crook" 
X-Real-Message-Body-End:

				Bill

# Bill Stewart    [email protected]  +1-908-949-0705 Fax-4876
# AT&T Bell Labs, Room 4M-312, Crawfords Corner Rd, Holmdel, NJ  07733-3030