Re: [Asrg] Maintaining Anonymity in an Authenticated System
Andrew Akehurst <A.D.Akehurst-99@student.lboro.ac.uk> Thu, 03 July 2003 12:57 UTC
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA09287 for <asrg-archive@odin.ietf.org>; Thu, 3 Jul 2003 08:57:36 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19Y3e6-00030P-Vi for asrg-archive@odin.ietf.org; Thu, 03 Jul 2003 08:57:07 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id h63Cv6nF011549 for asrg-archive@odin.ietf.org; Thu, 3 Jul 2003 08:57:06 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19Y3e6-00030C-Rq for asrg-web-archive@optimus.ietf.org; Thu, 03 Jul 2003 08:57:06 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA09268; Thu, 3 Jul 2003 08:57:05 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19Y3e5-00062b-00; Thu, 03 Jul 2003 08:57:05 -0400
Received: from ietf.org ([132.151.1.19] helo=optimus.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19Y3e4-00062Y-00; Thu, 03 Jul 2003 08:57:04 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19Y3e1-0002yB-CZ; Thu, 03 Jul 2003 08:57:01 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19Y3dk-0002xz-Aa for asrg@optimus.ietf.org; Thu, 03 Jul 2003 08:56:44 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id IAA09257 for <asrg@ietf.org>; Thu, 3 Jul 2003 08:56:42 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19Y3di-00062O-00 for asrg@ietf.org; Thu, 03 Jul 2003 08:56:42 -0400
Received: from bill.lut.ac.uk ([158.125.1.193]) by ietf-mx with esmtp (Exim 4.12) id 19Y3dh-00062L-00 for asrg@ietf.org; Thu, 03 Jul 2003 08:56:42 -0400
Received: from [158.125.1.117] (helo=studentpop1.lboro.ac.uk ident=root) by bill.lut.ac.uk with esmtp (Exim 4.14) id 19Y3dg-0006Cm-QN; Thu, 03 Jul 2003 13:56:40 +0100
Received: from [158.125.1.123] (helo=bod.lut.ac.uk) by studentpop1.lboro.ac.uk with esmtp (Exim 3.13 #1) id 19Y3dg-0001tr-00; Thu, 03 Jul 2003 13:56:40 +0100
Received: from apache by bod.lut.ac.uk with local (Exim 4.12) id 19Y3dg-0003jg-00; Thu, 03 Jul 2003 13:56:40 +0100
To: Spencer Dawkins <spencer@mcsr-labs.org>
Subject: Re: [Asrg] Maintaining Anonymity in an Authenticated System
Message-ID: <1057237000.3f042808b5ac4@student-webmail.lboro.ac.uk>
From: Andrew Akehurst <A.D.Akehurst-99@student.lboro.ac.uk>
Cc: asrg@ietf.org
References: <1057231407.3f04122febaa2@student-webmail.lboro.ac.uk> <061701c34159$4f2bc830$0200a8c0@DFNJGL21>
In-Reply-To: <061701c34159$4f2bc830$0200a8c0@DFNJGL21>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
User-Agent: IMP/PHP IMAP webmail program 2.2.8
X-Originating-IP: 194.196.110.14
X-Spam-Score: -19.2 (-------------------)
X-Scanner: exiscan for exim4 (http://duncanthrax.net/exiscan/) *19Y3dg-0006Cm-QN*qRNqvPEvaV6*
X-Lboro-Filtered: bill.lut.ac.uk, Thu, 03 Jul 2003 13:56:41 +0100
Content-Transfer-Encoding: 8bit
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Thu, 03 Jul 2003 12:56:40 +0000
Content-Transfer-Encoding: 8bit
Content-Transfer-Encoding: 8bit
Quoting Spencer Dawkins <spencer@mcsr-labs.org>: > [deleted down to] > > > > > > >Anonymous transmission is indeed a feature of our current systems, > > >not a bug. Any new system or authentication layer on top of what > > >already exists needs to maintain that. >> As I understand it, most of the proposals of that nature are about >> tying messages to a specific e-mail address. Just because you can trace a >> message back to a certain address does not necessarily mean you can >> identify the human being who sent it. > Ya know, I understand what you're saying, but (1) we're going > through an IPv6 exercise to say "well, maybe MAC addresses > are too closely tied to people to use them as part of > autoconfigured IPv6 addresses" That's an interesting point in itself. Tracing a MAC address (or an IPv6 address derived from one) could allow an eavesdropper to trace traffic from multiple connection sessions (over a period of time) back to a single network interface. Of course there still isn't necessarily a one-to-one mapping between a network interface and a human being. NAT gateways can hide many machines and people behind them, and of course even a single machine may have multiple people who log on and use it. The shortage of IPv4 addresses has lead to mechanisms like DHCP and NAT, both of which can provide limited levels of privacy... This issue intrigues me a lot but I won't say too much else about it here for fear of getting wildly off- topic. > (2) for most users of > personal computers, saying "someone else must have broken > into my house and sent all this child porn from my PC" has not > been observed to work very well, and (3) in order to say > "IP addresses != people", you would need dynamic IP > addresses that don't tie to NAIs, etc. - I believe all the IP > addresses I use for POP3/SMTP can be traced back to > me pretty easily... if I was a charter member of al Queda > I'd be more motivated to hide, but I don't think anonymous > POP3/SMTP is as easy as you're making it sound. Well, maybe I glibly made it sound easy. My example deliberately bypassed the need for POP3 by using a webmail interface to access a mailbox that way. My point was simply that, whatever new e-mail system is developed in future, if access to it can be proxied in some way (via a web interface or otherwise) then IP address tracing would turn up at a dead end. We should of course consider privacy as a requirement, but one needn't define it as an explicit part of a new e-mail system provided some external anonymity protection method is compatible with it - or at least new ideas shouldn't preclude some kind of anonymity even if they don't actually define a mechanism for it. > By "anonymous", I'm talking about two-way communication - > more than just sending an e-mail from Bill Gates saying "I'm > really excited about this quarter's earnings prospects". Simple > forgery is, of course, a variant of one-way anonymous communication. That's a good reminder, thanks for that. OK, suppose there were a tracked, secure version of Hotmail (say) whose messages could always be traced back to my Hotmail e-mail address, I could still use an anonymous web proxy service to both send and receive messages on that account. That way, if I sent spam, my account could still be closed by MSN for violation of their abuse policy. But anyone with a personal or political grudge against me would not be able to trace the e-mail address to me as an individual. Would that work? (Once again I assume that I would lie to Hotmail about any personal details they ask for, since it would be difficult for them to check at the time of sign-up) I do take your point about the ease of setting this up. However it would create a nice market for companies to provide proxying to common webmail services. They could let me log in at their website and proxy on my behalf to Hotmail (or whoever), passing the results back to my browser. To average Joe Public it could be made very easy to use by being almost totally transparent and it would make a nice business opportunity for companies to rent such services to people. > Now, this is fairly true, but is anonymity via webmail sufficient? It's difficult to say. On the technical side, with only access to the IP address of my proxy and my message itself it might still be possible to identify me by my apparent relationship with those I contact. Then again, it might still be possible to do so if I wrote a letter to someone. If I were really paranoid I'd use something like public key cryptography and send my messages that way. Whether webmail companies would provide that service for free is another matter. Certainly having a protocol which sends e-mail over encrypted connections between MTAs might help stop eavesdroppers en route from intercepting my message. The technology to do that is readily available. One issue is that if courts could order anonymiser services to surrender their logs then that might be a problem. However jurisdiction would likely rest with the country in which the server is based. Indeed, some countries might do a nice trade in off-shore privacy proxies (just as Switzerland does with banking privacy). I'm not a lawyer however, so I'll leave it to the legal experts to determine the risks of that one. Is any of this helpful? Personally I'll always be paranoid about communications privacy, but I happen to believe that low-level paranoia is a survival skill. :- ) Andrew _______________________________________________ Asrg mailing list Asrg@ietf.org https://www1.ietf.org/mailman/listinfo/asrg
- [Asrg] Maintaining Anonymity in an Authenticated … Philip Miller
- [Asrg] 3. Requirements - Support for Anonymity (R… Yakov Shafranovich
- Re: [Asrg] Maintaining Anonymity in an Authentica… Andrew Akehurst
- Re: [Asrg] Maintaining Anonymity in an Authentica… Spencer Dawkins
- Re: [Asrg] Maintaining Anonymity in an Authentica… Andrew Akehurst
- Re: [Asrg] Maintaining Anonymity in an Authentica… Steve Schear
- Re: [Asrg] Maintaining Anonymity in an Authentica… Andrew Akehurst
- Re: [Asrg] Maintaining Anonymity in an Authentica… Yakov Shafranovich