[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Message Havens



> I'm taking it that a "gopherhole" is different than the "message
> haven" I described, so maybe I missed something...
A "gopherhole" and "message haven" are the same thing.
We were using the term "gopherhole" because it was suggested that
gopher be used as the underlying mechanism for a message haven.

> but if the "gopherhole" sends out random messages (and presumably the
> ones you are interested in) then the "gopherhole" will eventually be
> able to figure out what messages you are interested in.  And how would
> it know what messages you are interested in unless you tell it... it
> would then need to be able to tie your psuedonym to your real mail
> address, which defeats the entire purpose of what I described.  But
> then, maybe the design goal of a "gopherhole" is different and I
> missed it.
Yes.  Under this model, a message haven must be trusted.

> Maybe I wasn't clear in what the "message haven" offered... I'm trying
> to get away from the penet style mapping tables, persistent
> information tying you and your pseudonym, and solve the "unsolicited
> anonymous mail" problem.  The message haven requires no trust, no
> tables, no information since it just accepts message and files them,
> and if you retrieve all the message, the haven can't figure out which
> ones you are interested in!
This flavour of message haven would not require persistent tables.
A crooked operator /could/ maintain them, but unlike penet they are
not required.  Every time you log into a message haven, you tell it
what tags you are interested in.  Here the level of trust is similar
to that of a regular remailer.  The remailer /could/ keep logs to
destroy your anonymity, but we hope it doesn't.

I realize this solution is far from ideal.  But as I posted before,
I don't believe the numbers favour a message haven where everything
is downloaded.  I have this nagging feeling that there is some
very elegant cryptographical way of doing this employing secret
sharing, but I can't actually think of how to do it.