[147139] in cryptography@c2.net mail archive
Re: [Cryptography] prism proof email, namespaces, and anonymity
daemon@ATHENA.MIT.EDU (Adam Back)
Sun Sep 15 17:42:59 2013
X-Original-To: cryptography@metzdowd.com
Date: Sun, 15 Sep 2013 13:47:13 +0200
From: Adam Back <adam@cypherspace.org>
To: John Kelsey <crypto.jmk@gmail.com>
In-Reply-To: <E3712724-9AE8-4A51-9748-4C7BE9E96376@gmail.com>
Cc: "cryptography@metzdowd.com List" <cryptography@metzdowd.com>,
Crypto List <cryptography@randombit.net>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On Fri, Sep 13, 2013 at 04:55:05PM -0400, John Kelsey wrote:
> The more I think about it, the more important it seems that any anonymous
> email like communications system *not* include people who don't want to be
> part of it, and have lots of defenses to prevent its anonymous
> communications from becoming a nightmare for its participants.
Well you could certainly allow people to opt-in to receiving anonymous
email, send them a notification mail saying an anonymous email is waiting
for them (and whatever warning that it could be a nastygram, as easily as
the next thing).
People have to bear in mind that email itself is not authenticated - SMTP
forgeries still work - but there are still a large number of newbies some of
whom have sufficiently thin skin to go ballistic when they realize they
received something anonymous and not internalized the implication of digital
free-speech.
At ZKS we had a pseudonymous email system. Users had to pay for nyms (a
pack of 5 paid per year) so they wouldnt throw them away on nuisance pranks
too lightly. They could be blocked if credible abuse complaint were
received.
Another design permutation I was thinking could be rather interesting is
unobservable mail. That is to say the participants know who they are
talking to (signed, non-pseudonymous) but passive observers do not. It
seems to me that in that circumstance you have more design leverage to
increase the security margin using PIR like tricks than you can with
pseudonymous/anonymous - if the "contract" is that the system remains very
secure so long as both parties to a communication channel want it to remain
that way.
There were also a few protocols for to facilitate anonymous abuse resistant
emails - user gets some kind of anonymously refreshable egress capability
token. If they abuse they are not identified but lose the capability. eg
http://www-users.cs.umn.edu/~hopper/faust-wpes.pdf
Finally there can be different types of costs for nyms and posts - creating
nyms or individual posts can cost real money (hard to retain pseudonymity),
bitcoin, or hashcash, as well lost reputation if a used nym is canceled.
Adam
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
