Re: [Asrg] Maintaining Anonymity in an Authenticated System
Andrew Akehurst <A.D.Akehurst-99@student.lboro.ac.uk> Thu, 03 July 2003 11:24 UTC
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA06605 for <asrg-archive@odin.ietf.org>; Thu, 3 Jul 2003 07:24:38 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19Y2C7-0008Fc-SS for asrg-archive@odin.ietf.org; Thu, 03 Jul 2003 07:24:08 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id h63BO7m1031716 for asrg-archive@odin.ietf.org; Thu, 3 Jul 2003 07:24:07 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19Y2C7-0008FT-PS for asrg-web-archive@optimus.ietf.org; Thu, 03 Jul 2003 07:24:07 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA06575; Thu, 3 Jul 2003 07:24:07 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19Y2C7-0005JG-00; Thu, 03 Jul 2003 07:24:07 -0400
Received: from ietf.org ([132.151.1.19] helo=optimus.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19Y2C6-0005JD-00; Thu, 03 Jul 2003 07:24:06 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19Y2C1-0008Bs-Ol; Thu, 03 Jul 2003 07:24:01 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19Y2BW-0008BY-Kz for asrg@optimus.ietf.org; Thu, 03 Jul 2003 07:23:30 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA06504 for <asrg@ietf.org>; Thu, 3 Jul 2003 07:23:29 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19Y2BV-0005Id-00 for asrg@ietf.org; Thu, 03 Jul 2003 07:23:29 -0400
Received: from bill.lut.ac.uk ([158.125.1.193]) by ietf-mx with esmtp (Exim 4.12) id 19Y2BU-0005Ia-00 for asrg@ietf.org; Thu, 03 Jul 2003 07:23:29 -0400
Received: from [158.125.1.117] (helo=studentpop1.lboro.ac.uk ident=root) by bill.lut.ac.uk with esmtp (Exim 4.14) id 19Y2BU-0004A6-1h for asrg@ietf.org; Thu, 03 Jul 2003 12:23:28 +0100
Received: from [158.125.1.123] (helo=bod.lut.ac.uk) by studentpop1.lboro.ac.uk with esmtp (Exim 3.13 #1) id 19Y2BT-0002r7-00 for asrg@ietf.org; Thu, 03 Jul 2003 12:23:27 +0100
Received: from apache by bod.lut.ac.uk with local (Exim 4.12) id 19Y2BT-0003A2-00 for asrg@ietf.org; Thu, 03 Jul 2003 12:23:27 +0100
To: asrg@ietf.org
Subject: Re: [Asrg] Maintaining Anonymity in an Authenticated System
Message-ID: <1057231407.3f04122febaa2@student-webmail.lboro.ac.uk>
From: Andrew Akehurst <A.D.Akehurst-99@student.lboro.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
User-Agent: IMP/PHP IMAP webmail program 2.2.8
X-Originating-IP: 194.196.110.14
X-Spam-Score: 0.4 (/)
X-Scanner: exiscan for exim4 (http://duncanthrax.net/exiscan/) *19Y2BU-0004A6-1h*W5kXXoA9oqw*
X-Lboro-Filtered: bill.lut.ac.uk, Thu, 03 Jul 2003 12:23:28 +0100
Content-Transfer-Encoding: 8bit
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Thu, 03 Jul 2003 11:23:27 +0000
Content-Transfer-Encoding: 8bit
Content-Transfer-Encoding: 8bit
>In all the discussion of authenticating individual senders rather than >the servers and MTAs they're using, we've all forgotten that there are >circumstances in which anonymity is a requirement. Think of corporate >whistle-blowing situations, in which someone wishes to send an anonymous >message to an entity like a media organization or the SEC. In a world >in which all transmissions are undeniably authenticated to a sender, >this becomes impossible. > >Anonymous transmission is indeed a feature of our current systems, not a >bug. Any new system or authentication layer on top of what already >exists needs to maintain that. As I understand it, most of the proposals of that nature are about tying messages to a specific e-mail address. Just because you can trace a message back to a certain address does not necessarily mean you can identify the human being who sent it. I could sign up for a fully-traced mail account and then use an anonymising proxy service to access it. Providing the mail service didn't check that the personal details I supply are correct (as far as I know, few mail services do), I could easily sign up with a false name and details. This would be especially simple for webmail accounts via anonymous web proxy (e.g. anonymizer.com) so that tracing the originating IP address would not be helpful. And if the mail service itself did not have my real personal details (because I wouldn't supply genuine ones) then how could anyone know who sent it? This is just an example, but there are many technical methods people can use to protect their physical identity. I'm not necessarily in favour of authentication schemes, in fact I've yet to be persuaded either way so I've no personal axe to grind. I just wanted to point out that "e-mail address != person". Andrew _______________________________________________ Asrg mailing list Asrg@ietf.org https://www1.ietf.org/mailman/listinfo/asrg
- [Asrg] Maintaining Anonymity in an Authenticated … Philip Miller
- [Asrg] 3. Requirements - Support for Anonymity (R… Yakov Shafranovich
- Re: [Asrg] Maintaining Anonymity in an Authentica… Andrew Akehurst
- Re: [Asrg] Maintaining Anonymity in an Authentica… Spencer Dawkins
- Re: [Asrg] Maintaining Anonymity in an Authentica… Andrew Akehurst
- Re: [Asrg] Maintaining Anonymity in an Authentica… Steve Schear
- Re: [Asrg] Maintaining Anonymity in an Authentica… Andrew Akehurst
- Re: [Asrg] Maintaining Anonymity in an Authentica… Yakov Shafranovich