On 1/29/2004 11:13 PM, Paul Lambert wrote:
You could just as easily used a yahoo.com identifier,
I have no guarentees of the services from yahoo. They can trace me, so
I'm not anonymous.
The degree of anonymity offered by any provider would obviously vary, and
I'd hope the market would recognize and promote that, but then again the
degree to which you wish to be completely anonymous may require you to buy
into a more obscure offering and thus cost *you* more, not the rest of us.
For example, it's possible to do something like recursively sign a sender
certificate at each hop in the network, with the recipient being able to
verify the sender's and hosts' identifier data upon receipt. That provides
strong tracability on a per-message basis, but you can still make this
fully anonymous by using:
1) a sender cert that does not have any user details
2) one-time certs that disrupt patterns
3) another host to break the location patterns
4) a different submission protocol to a privacy-centric provider
5) another provider that dumps-and-pumps the mail, so that every
new message appears to come from a sender/host at their location.
...) any number of other variants
In all those cases the message can be traced back over the network and the
identifiers can be verified as legitimate, but with varying degrees of
anonymity also being provided for the sending user.
For the rest of us, having the transport network vouch for us would
probably be more useful, so I'd expect that folks like you would be
willing to pay for the knobs that you want (the premium for the remailer,
in this case), and not make it the default.
Default anonymous is what we have now and is the source of many problems
(spam, forgeries, viruses, etc). It's wholly unnecessary (as proven
above), so I don't see why we would even allow for it.
Yes. A remailer can be built on a strongly authenticated
infrastructure, but I'd like to be sure that I can recognize the mail
as anonymous rather than as a new possibly traceable identity.
I don't understand this requirement. Can you clarify?
--
Eric A. Hall http://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/