[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: MTS transparency and anonymity

To: ietf-822 <ietf-822@xxxxxxx>
Subject: Re: MTS transparency and anonymity
From: Tony Finch <dot@xxxxxxxx>
Date: Mon, 28 Feb 2005 16:48:12 +0000
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-822/mail-archive/>
List-id: <ietf-822.imc.org>
List-unsubscribe: <mailto:ietf-822-request@imc.org?body=unsubscribe>
References: <> <> <> <>
Sender: owner-ietf-822@xxxxxxxxxxxx

On Mon, 28 Feb 2005, Bruce Lilly wrote:
>
> > - if you can trace the message's sender, you can probably
> > identify its author
>
> I disagree with the premise.  There are ways for an anonymous
> author to arrange for a sender to send a message w/o knowing
> the author's identity (some sort of drop-box, for example).

That's essentially what anonymous remailers do.

> > - why can't people just use pseudonymity instead?
>
> It's unclear exactly what you mean

In the context of email a pseudonymous email address would be one that
is valid but not traceable to any particular real-world person. The old
anonXXXX@xxxxxxxxxxxxx addresses are a good example.

> > Mixmaster
>
> Tracing back (given a sufficient quantity of guns and/or lawyers
> or wiretaps) seems feasible (with the proviso that it traces senders,
> not necessarily authorship).

Yes, though mixmaster makes this considerably harder than the erzats
anonymity you are suggesting.

> It's unclear what you mean by "a new message header"; if you mean
> eliminating transport trace fields, that's one thing, if you mean
> Subject, Comments, From, To, Cc, Date, and other originator fields that
> are an integral part of the message, then the message integrity is
> essentially destroyed (N.B. body content is unnecessary in a message;
> the entire message may consist exclusively of header fields).

The next-hop message header is derived from the decrypted contents of the
original message - i.e. each mixmaster hop is an unencapsulation of a
message wrapped in an onion-like manner. Intermediate mixmaster hops do
not know about the originator or final recipients of the message.

> > All of the crypto keys belong to recipients, not senders.
>
> So a message to multiple recipients isn't possible (as opposed
> to multiple messages, each to a single recipient)?

Perhaps you should read up on the basics of public key crypto. The usual
way that a message is encrypted for multiple recipients is that the
message is encrypted with a symmetric block cipher (asymmetric crypto is
too slow for bulk applications), and the key (which works for both
encryption and decryption) is encrypted once for each recipient with that
recipient's public key.

Tony.
-- 
f.a.n.finch  <dot@xxxxxxxx>  http://dotat.at/
LUNDY FASTNET IRISH SEA SHANNON: WEST OR NORTHWEST 3 OR 4 INCREASING 5 TO 7.
RAIN OR SHOWERS. MODERATE OR GOOD.

References:
- Re: draft-lilly-from-optional-01.txt
  - From: Charles Lindsey
- Re: MTS transparency and anonymity
  - From: Bruce Lilly
- Re: MTS transparency and anonymity
  - From: Tony Finch
- Re: MTS transparency and anonymity
  - From: Bruce Lilly

Prev by Date: Re: MTS transparency and anonymity
Next by Date: Re: MTS transparency and anonymity
Previous by thread: Re: MTS transparency and anonymity
Next by thread: Re: draft-lilly-from-optional-01.txt
Index(es):
- Date
- Thread