
nym based remailer proposals



-----BEGIN PGP SIGNED MESSAGE-----

Current nym based remailers suffer from the same insecurity that all return
addresses share. It is easy for an opponent to trace a return address by
sending many messages to that address, and watching the traffic generated.
If the remailer uses a database of nyms to real names (like Julf's penet
remailer) then all security rests with the integrity of the operator and
the security of that one system. These security problems can be avoided,
while still providing the benefits of a "replyable" address.

I suggested the following scheme at the last San Diego Cypherpunks meeting.
It was well received there, so I hope it will be of interest.

Having read the help files, this is my understanding of how the current nym
based remailers work. I send an anonymous reply block to the nym remailer,
which puts it in a database, along with my chosen nym. This can all be done
through remailers. Now anyone can send mail to [email protected] and
it will be sent to me using the reply block I sent.

I propose two changes:
1) To facilitate replying to nyms, I should be able to send mail to the
remailer indicating the nym it should appear to be from. Then a recipient
would simply hit reply, and the response would go back to the real sender.

2) I propose the use of message pools rather than return addresses. With
enough subscribers, the best way to do this would be using mailing lists.
There already exist many tools which could filter out all pool messages
other than yours. Until that time, alt.anonymous.messages would be a better
choice. To be practical, both of these schemes require that the user be
able to filter out messages to other nyms.

The remailer (which might be better called a nym server) should place the
subject line of the incoming reply in the body of the message, and replace
the subject line with some searchable string (e.g. To Nym: Pr0duct Cypher).
Searching alt.anonymous.messages for your nym in the subject line would
reveal all messages to you.

While the current system would allow me to have messages sent to a message
pool using a mail-to-news gateway, I am not now able to search for messages
to me, and I cannot send messages "From: " my nym.

                -Lance (Ice Weasel) Cottrell

-----BEGIN PGP SIGNATURE-----
Version: 2.6

-----END PGP SIGNATURE-----

--------------------------------------------------
Lance Cottrell  who does not speak for CASS/UCSD
[email protected]
PGP 2.6 key available by finger or server. Encrypted mail welcome.
Home page http://nately.ucsd.edu/~loki/
Home of "chain" the remailer chaining script.
For anon remailer info, mail [email protected] Subject: remailer-help

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
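
The subject rewriting and pool filtering proposed in the message above, as an added example that is not part of the original post or of any remailer's code. The function names, the `nym.example` address and the choice to copy no other incoming header are assumptions; the filter matches the whole subject so that one nym is not mistaken for another that merely starts with the same text.

```python
from email import message_from_string
from email.message import EmailMessage

POOL = "alt.anonymous.messages"  # pool the message suggests
TAG = "To Nym: "                 # searchable prefix from the message's example

# Constructed sample reply arriving at the nym server (not real traffic).
SAMPLE = (
    "From: alice@example.org\n"
    "To: pr0duct@nym.example\n"
    "Subject: Re: meeting\n"
    "\n"
    "See you there.\n"
)

def to_pool(raw: str, nym: str) -> EmailMessage:
    """Server side: turn a reply addressed to `nym` into a pool posting."""
    if not nym.strip() or any(c in nym for c in "\r\n"):
        raise ValueError("nym must be a single non-empty line")
    incoming = message_from_string(raw)
    out = EmailMessage()
    out["Newsgroups"] = POOL
    out["Subject"] = TAG + nym.strip()
    # The original subject moves into the body. No other incoming header is
    # copied (an assumption of this sketch; the message does not say).
    original = incoming.get("Subject", "(none)")
    out.set_content(f"Subject: {original}\n\n{incoming.get_payload()}")
    return out

def for_nym(pool, nym: str):
    """Reader side: keep postings whose whole subject names exactly this nym."""
    want = TAG + nym.strip()
    return [m for m in pool if str(m["Subject"] or "").strip() == want]

if __name__ == "__main__":
    pool = [to_pool(SAMPLE, n) for n in ("Pr0duct Cypher", "Pr0duct Cypher II")]
    for m in for_nym(pool, "Pr0duct Cypher"):
        print(m["Subject"])
        print(m.get_content())
```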