Re: [Asrg] Maintaining Anonymity in an Authenticated System
"Spencer Dawkins" <spencer@mcsr-labs.org> Thu, 03 July 2003 11:51 UTC
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA07552 for <asrg-archive@odin.ietf.org>; Thu, 3 Jul 2003 07:51:37 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19Y2cF-0000bj-IE for asrg-archive@odin.ietf.org; Thu, 03 Jul 2003 07:51:08 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id h63Bp7C0002332 for asrg-archive@odin.ietf.org; Thu, 3 Jul 2003 07:51:07 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19Y2cF-0000bX-Bz for asrg-web-archive@optimus.ietf.org; Thu, 03 Jul 2003 07:51:07 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA07538; Thu, 3 Jul 2003 07:51:06 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19Y2cE-0005Y8-00; Thu, 03 Jul 2003 07:51:06 -0400
Received: from ietf.org ([132.151.1.19] helo=optimus.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19Y2cD-0005Y5-00; Thu, 03 Jul 2003 07:51:05 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19Y2cA-0000Zb-9j; Thu, 03 Jul 2003 07:51:02 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19Y2bk-0000ZI-Ps for asrg@optimus.ietf.org; Thu, 03 Jul 2003 07:50:36 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA07515 for <asrg@ietf.org>; Thu, 3 Jul 2003 07:50:35 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19Y2bj-0005Y0-00 for asrg@ietf.org; Thu, 03 Jul 2003 07:50:36 -0400
Received: from mx-out.daemonmail.net ([216.104.160.39]) by ietf-mx with esmtp (Exim 4.12) id 19Y2bi-0005Xx-00 for asrg@ietf.org; Thu, 03 Jul 2003 07:50:34 -0400
Received: from mx0.emailqueue.net (localhost.daemonmail.net [127.0.0.1]) by mx-out.daemonmail.net (8.9.3p2/8.9.3) with SMTP id EAA75422 for <asrg@ietf.org>; Thu, 3 Jul 2003 04:50:31 -0700 (PDT) (envelope-from spencer@mcsr-labs.org)
Received: from (12.237.229.250 [12.237.229.250]) by mail.varaha.com with SMTP id PcJ0vgP2 Thu, 03 Jul 2003 04:50:30 -0700 (PDT)
Message-ID: <061701c34159$4f2bc830$0200a8c0@DFNJGL21>
Reply-To: Spencer Dawkins <spencer@mcsr-labs.org>
From: Spencer Dawkins <spencer@mcsr-labs.org>
To: asrg@ietf.org
References: <1057231407.3f04122febaa2@student-webmail.lboro.ac.uk>
Subject: Re: [Asrg] Maintaining Anonymity in an Authenticated System
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Content-Transfer-Encoding: 7bit
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Thu, 03 Jul 2003 06:50:32 -0500
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
----- Original Message ----- From: "Andrew Akehurst" <A.D.Akehurst-99@student.lboro.ac.uk> To: <asrg@ietf.org> Sent: Thursday, July 03, 2003 6:23 AM Subject: Re: [Asrg] Maintaining Anonymity in an Authenticated System [deleted down to] > > > >Anonymous transmission is indeed a feature of our current systems, not a > >bug. Any new system or authentication layer on top of what already > >exists needs to maintain that. > > As I understand it, most of the proposals of that nature are about tying > messages to a specific e-mail address. Just because you can trace a message > back to a certain address does not necessarily mean you can identify the human > being who sent it. Ya know, I understand what you're saying, but (1) we're going through an IPv6 exercise to say "well, maybe MAC addresses are too closely tied to people to use them as part of autoconfigured IPv6 addresses", (2) for most users of personal computers, saying "someone else must have broken into my house and sent all this child porn from my PC" has not been observed to work very well, and (3) in order to say "IP addresses != people", you would need dynamic IP addresses that don't tie to NAIs, etc. - I believe all the IP addresses I use for POP3/SMTP can be traced back to me pretty easily... if I was a charter member of al Queda I'd be more motivated to hide, but I don't think anonymous POP3/SMTP is as easy as you're making it sound. By "anonymous", I'm talking about two-way communication - more than just sending an e-mail from Bill Gates saying "I'm really excited about this quarter's earnings prospects". Simple forgery is, of course, a variant of one-way anonymous communication. > > I could sign up for a fully-traced mail account and then use an anonymising > proxy service to access it. Providing the mail service didn't check that the > personal details I supply are correct (as far as I know, few mail services do), > I could easily sign up with a false name and details. > > This would be especially simple for webmail accounts via anonymous web proxy > (e.g. anonymizer.com) so that tracing the originating IP address would not be > helpful. And if the mail service itself did not have my real personal details > (because I wouldn't supply genuine ones) then how could anyone know who sent it? > Now, this is fairly true, but is anonymity via webmail sufficient? Spencer _______________________________________________ Asrg mailing list Asrg@ietf.org https://www1.ietf.org/mailman/listinfo/asrg
- [Asrg] Maintaining Anonymity in an Authenticated … Philip Miller
- [Asrg] 3. Requirements - Support for Anonymity (R… Yakov Shafranovich
- Re: [Asrg] Maintaining Anonymity in an Authentica… Andrew Akehurst
- Re: [Asrg] Maintaining Anonymity in an Authentica… Spencer Dawkins
- Re: [Asrg] Maintaining Anonymity in an Authentica… Andrew Akehurst
- Re: [Asrg] Maintaining Anonymity in an Authentica… Steve Schear
- Re: [Asrg] Maintaining Anonymity in an Authentica… Andrew Akehurst
- Re: [Asrg] Maintaining Anonymity in an Authentica… Yakov Shafranovich