On Mon February 28 2005 09:07, Tony Finch wrote:
This idea of obfuscating the message header does not provide proper
anonymity, since the trace fields will still contain the IP address of the
sender which is enough to identify them.
Trace fields are used with SMTP, not necessarily with other
protocols that use the Internet Message Format. IP address
alone is not sufficient to identify an individual (esp. w/
DHCP, public access points, etc.) and might identify the sender
(i.e. the person who caused a message to be entered into the
transport stream) who may be different from the message author
(i.e. the person who composed the message).
Why isn't pseudonimity enough?
Why not propose a specification for properly strong anonymity based on
mixmaster or some other multi-stage cryptographic system?
While the message body content (and originator-specified header
fields if encapsulated in a MIME message/rfc822 wrapper) can be
encrypted by existing S/MIME and PGP/MIME methods (adding more
MIME wrappers), there are still some issues:
1. If SMTP is used, SMTP trace fields in the (unencryptable)
outer message header will still leave a trail to the sender
(but not necessarily the author, as noted above).
2. Decrypting requires knowledge of an encryption key, which
implies knowing who sent the message.
3. While a hypothetical well-known public key unassociated with
an individual would allow decrypting the message, once done
(by anybody), the unencrypted content is available; if it
contains some indication of authorship (viz. a From header
field), there is no anonymity.
As I see it, a necessary first step is provision for anonymity
in the message format.