IETF Logo Mail Archive

Re: [Asrg] Maintaining Anonymity in an Authenticated System

Andrew Akehurst <A.D.Akehurst-99@student.lboro.ac.uk> Thu, 03 July 2003 11:24 UTC

Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA06605 for <asrg-archive@odin.ietf.org>; Thu, 3 Jul 2003 07:24:38 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19Y2C7-0008Fc-SS for asrg-archive@odin.ietf.org; Thu, 03 Jul 2003 07:24:08 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id h63BO7m1031716 for asrg-archive@odin.ietf.org; Thu, 3 Jul 2003 07:24:07 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19Y2C7-0008FT-PS for asrg-web-archive@optimus.ietf.org; Thu, 03 Jul 2003 07:24:07 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA06575; Thu, 3 Jul 2003 07:24:07 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19Y2C7-0005JG-00; Thu, 03 Jul 2003 07:24:07 -0400
Received: from ietf.org ([132.151.1.19] helo=optimus.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19Y2C6-0005JD-00; Thu, 03 Jul 2003 07:24:06 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19Y2C1-0008Bs-Ol; Thu, 03 Jul 2003 07:24:01 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19Y2BW-0008BY-Kz for asrg@optimus.ietf.org; Thu, 03 Jul 2003 07:23:30 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA06504 for <asrg@ietf.org>; Thu, 3 Jul 2003 07:23:29 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19Y2BV-0005Id-00 for asrg@ietf.org; Thu, 03 Jul 2003 07:23:29 -0400
Received: from bill.lut.ac.uk ([158.125.1.193]) by ietf-mx with esmtp (Exim 4.12) id 19Y2BU-0005Ia-00 for asrg@ietf.org; Thu, 03 Jul 2003 07:23:29 -0400
Received: from [158.125.1.117] (helo=studentpop1.lboro.ac.uk ident=root) by bill.lut.ac.uk with esmtp (Exim 4.14) id 19Y2BU-0004A6-1h for asrg@ietf.org; Thu, 03 Jul 2003 12:23:28 +0100
Received: from [158.125.1.123] (helo=bod.lut.ac.uk) by studentpop1.lboro.ac.uk with esmtp (Exim 3.13 #1) id 19Y2BT-0002r7-00 for asrg@ietf.org; Thu, 03 Jul 2003 12:23:27 +0100
Received: from apache by bod.lut.ac.uk with local (Exim 4.12) id 19Y2BT-0003A2-00 for asrg@ietf.org; Thu, 03 Jul 2003 12:23:27 +0100
To: asrg@ietf.org
Subject: Re: [Asrg] Maintaining Anonymity in an Authenticated System
Message-ID: <1057231407.3f04122febaa2@student-webmail.lboro.ac.uk>
From: Andrew Akehurst <A.D.Akehurst-99@student.lboro.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
User-Agent: IMP/PHP IMAP webmail program 2.2.8
X-Originating-IP: 194.196.110.14
X-Spam-Score: 0.4 (/)
X-Scanner: exiscan for exim4 (http://duncanthrax.net/exiscan/) *19Y2BU-0004A6-1h*W5kXXoA9oqw*
X-Lboro-Filtered: bill.lut.ac.uk, Thu, 03 Jul 2003 12:23:28 +0100
Content-Transfer-Encoding: 8bit
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Thu, 03 Jul 2003 11:23:27 +0000
Content-Transfer-Encoding: 8bit
Content-Transfer-Encoding: 8bit

>In all the discussion of authenticating individual senders rather than 
>the servers and MTAs they're using, we've all forgotten that there are 
>circumstances in which anonymity is a requirement.  Think of corporate 
>whistle-blowing situations, in which someone wishes to send an anonymous 
>message to an entity like a media organization or the SEC.  In a world 
>in which all transmissions are undeniably authenticated to a sender, 
>this becomes impossible.
>
>Anonymous transmission is indeed a feature of our current systems, not a 
>bug.  Any new system or authentication layer on top of what already 
>exists needs to maintain that.

As I understand it, most of the proposals of that nature are about tying 
messages to a specific e-mail address. Just because you can trace a message 
back to a certain address does not necessarily mean you can identify the human 
being who sent it.

I could sign up for a fully-traced mail account and then use an anonymising 
proxy service to access it. Providing the mail service didn't check that the 
personal details I supply are correct (as far as I know, few mail services do), 
I could easily sign up with a false name and details.

This would be especially simple for webmail accounts via anonymous web proxy 
(e.g. anonymizer.com) so that tracing the originating IP address would not be 
helpful. And if the mail service itself did not have my real personal details 
(because I wouldn't supply genuine ones) then how could anyone know who sent it?

This is just an example, but there are many technical methods people can use to 
protect their physical identity.

I'm not necessarily in favour of authentication schemes, in fact I've yet to be 
persuaded either way so I've no personal axe to grind. I just wanted to point 
out that "e-mail address != person".

Andrew

_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg

v2.23.0 | Report a Bug | By Email