Re: [9fans] ISP filtering - update

[Lucio De Re <lucio@proxima.alt.za>]

On Sat, Sep 27, 2003 at 10:02:29AM +0200, boyd, rounin wrote:
>
> > Just for the sake of stirring the pot, I've been considering an
> > anonymising mail server ever since anon.penet.fi (it's been such
> > a long time I can't even tell if I got the right name) was established
>
> what was the screwup where an anonymiser spat out everyone
> in the clear?  anyway, i don't want to be anonymous.  i just wanna
> takes these T's [spammers] down.

That's a programming error, they deserve what they got :-)

In the PEM spec is an option whose name escapes me now (I have the
PEM RFCs not quite at hand) where the certificate asserts you
_are_not_ the designated (oh, yes!) "persona".  That is how an
anonymous server would operate.

You submit your PGP public key in the name of <poltroon@anon.co.za>
and I file it in the database.  All mail encrypted with your private
key (identified by your key hash) is decrypted using your public
key and re-encrypted with the server private key before being
forwarded to the recipients.  You can naturally encrypt the contents
with the recipients' keys to ensure the server does not have access
to information you want to protect.  Seeing that you're already
using one level of encryption, you may as well use two, if it's
worth it.

Likewise, all mail to <poltroon@anon.co.za> will be encrypted on
arrival with your public key and posted to a public queue.  You can
then request your messages by PGP key hash.  I haven't thought of
a sensible removal mechanism, but I suppose you could have a proper
identity on the server and use standard filesystem permissions - at
which point one may as well provide POP or IMAP services - or I
could just expire the messages after some agreed time period and
you'd have to figure how to avoid repeatedly reading the same
information.

Quite frankly, upas/fs would seem perfectly suitable here.  Use
the PGP hash (or equivalent for PKI suckers) as the user ID.  I
just thought that having a public pool of messages would be somehow
worthwhile, maybe as a newsboard?

As the sole details I have of your identity are the hash and a
public key that asserts you _are_not_ <poltroon@anon.co.za>, there
isn't much an authority could do to force me to reveal who you are.

++L

PS: this is not as remote as one may think, I already need to
upgrade the HIVEMIND.NET server that provides a number of mailing
list services to the broad Internet community in South Africa.  I
may well add ANON capabilities to it: it also serves the local
NetRaver community and there have been many requests to/not to
archive the mail for obvious reasons, so ANONimising their mail
would probably be well received there.

PPS: I'd appreciate if anyone who can identify loopholes in the above
would raise the issue with me, as I'm not very good at conceiving
all possible facets in a situation such as this.

PPPS: One more OT thing.  I use RAV Antivirus on the NetBSD servers
at my clients.  It isn't perfect, but it sure beats not having it.
It isn't either pricey or cheap, I think it's fairly priced.  But
having looked at its functionality as well as the dreadful offering
from F-Secure as regards central management of their perfectly
reasonable workstation-level virus checker, it struck me that
Inferno would be the perfect platform to deploy an e-mail infrastructure
for the medium, possibly large corporation.  In other words, as
soon as MS-Exchange collapses under the weight of thoughtless
implementation combined with multiple global attacks by more and
more aggressive viruses and spam, there will be a huge gap for a
replacement tool developed entirely as an Inferno application.
Vitanuova Notes, anyone?