On Fri, 30 Jan 2004, Hector Santos wrote:
Are the posters able to restrict knowledge of their identity to only
themselves, or not?
No. They can not post mail without accountablity or tracability or some
kind.
That that's not anonymity. That's identity escrow.
I believe that that statement to be false, and based on a flawed premise.
Which is?
That it is acceptable to build a protocol which must resort to legal
action in order to be sustainable.
What you are suggesting here is a protocol which deals with abuse by
resorting to lawsuits or prosecution. From a technical standpoint, that's
a pretty inadequate protocol.
I don't agree. Incorrect description of that you deem is my premise.
I can not support or endorse any concept of complete 100% untracable
posting. And it does have ramifications that are legal and both technical.
See CAN-SPAM.
CAN-SPAM is not relevant.
A good message protocol will not require "traceability" as a necessary
component for its security. It will handle network abuse gracefully and
through innate protections.
How so? That seems to be a contradiction. To "Handle Abuse" implies there
is some trackable or "access" concept involved.
You appear to want to deal with abuse through accountability and
punishment. A protocol designed for use on a global network should be able
to proactively resist attack, instead of relying on reactive out-of-band
action as a deterrent.
It's my understanding that CAN-SPAM bans the forging of network headers.
That does not prohibit strong anonymity, and does not affect anonymous
remailers.
If you don't forge your transaction then you are no longer anonymous!
That is a false statement. I suggest you read a bit of the large body of
academic research on anonymity protocols for background.
For instance, Mixmaster forges nothing. Mail delivered to a recipient
from a Mixmaster remailer bears the legitimate headers and information of
the remailer's MTA.
CAN-SPAM clearly says that TRACABILITY IS A MUST! It is the only way it can
be enforced. And that includes direct and indirect senders. Please read
it thoroughly. It is quite clear.
Are you an attorney?
Anyway. This is EXACTLY why we need to get this straight. You are
advocating the concept that I must accept your entire message first to
decide if its acceptable or not. No consideration for who is delivering the
message or protocol level controls. Sounds familar?
I am advocating no such thing. What the recipient must accept, how the
message is delivered, and whether the sender's identity must be verifiable
are all orthogonal concepts.
Sorry, both concepts are unacceptable by me for any new design. If you want
to have a primitive protocol with one command "DATA" or break it into two,
HEAD and BODY commands, great! Propose it! I have less of a problem with
that. But that HEAD must all the TRUSTED relationship and network tracing
concepts we must deal with.
Why must you dictate a global recipient policy? It is wiser to build in
optional 'trust' relationship opportunities, and permit the recipients to
define their own threshold for what messages they will accept.