ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] Maintaining Anonymity in an Authenticated System

2003-07-03 04:51:37
from [Spencer Dawkins] [Permanent Link] 
----- Original Message ----- 
From: "Andrew Akehurst" 
<A(_dot_)D(_dot_)Akehurst-99(_at_)student(_dot_)lboro(_dot_)ac(_dot_)uk>
To: <asrg(_at_)ietf(_dot_)org>
Sent: Thursday, July 03, 2003 6:23 AM
Subject: Re: [Asrg] Maintaining Anonymity in an Authenticated System


[deleted down to]



Anonymous transmission is indeed a feature of our current systems, not a
bug.  Any new system or authentication layer on top of what already
exists needs to maintain that.


As I understand it, most of the proposals of that nature are about tying
messages to a specific e-mail address. Just because you can trace a

message

back to a certain address does not necessarily mean you can identify the

human

being who sent it.


Ya know, I understand what you're saying, but (1) we're going
through an IPv6 exercise to say "well, maybe MAC addresses
are too closely tied to people to use them as part of
autoconfigured IPv6 addresses", (2) for most users of
personal computers, saying "someone else must have broken
into my house and sent all this child porn from my PC" has not
been observed to work very well, and (3) in order to say
"IP addresses != people", you would need dynamic IP
addresses that don't tie to NAIs, etc. - I believe all the IP
addresses I use for POP3/SMTP can be traced back to
me pretty easily... if I was a charter member of al Queda
I'd be more motivated to hide, but I don't think anonymous
POP3/SMTP is as easy as you're making it sound.

By "anonymous", I'm talking about two-way communication -
more than just sending an e-mail from Bill Gates saying "I'm
really excited about this quarter's earnings prospects". Simple
forgery is, of course, a variant of one-way anonymous communication.



I could sign up for a fully-traced mail account and then use an

anonymising

proxy service to access it. Providing the mail service didn't check that

the

personal details I supply are correct (as far as I know, few mail services

do),

I could easily sign up with a false name and details.

This would be especially simple for webmail accounts via anonymous web

proxy

(e.g. anonymizer.com) so that tracing the originating IP address would not

be

helpful. And if the mail service itself did not have my real personal

details

(because I wouldn't supply genuine ones) then how could anyone know who

sent it?




Now, this is fairly true, but is anonymity via webmail sufficient?

Spencer


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: RE: [Asrg] 2. Problem Characterization - Defining spam within consent paradigm, Tom Thomson
Next by Date:  Re: [Asrg] Forbes: Pay up, Matt
Previous by Thread:  Re: [Asrg] Maintaining Anonymity in an Authenticated System, Andrew Akehurst
Next by Thread:  Re: [Asrg] Maintaining Anonymity in an Authenticated System, Andrew Akehurst
Indexes:  [Date] [Thread] [Top] [All Lists]