Re: [ANN] M.0.0.3rc2: Reply block issue

[Roger Dingledine <arma@mit.edu>]

On Tue, Feb 18, 2003 at 02:03:15PM -0500, George Danezis wrote:
> Roger and Nick are good friends and believe that Grace and Glory are 
> actually the same woman (well man in this case). In order to test this 
> Nick gives his reply block to Roger, who using it writes an email to 
> Glory. I receive the email, as Glory, and I reply as if nothing wrong had 
> happened. Therefore their hypothesis that Grace is indeed Glory is 
> confirmed. 

Good attack.

> The solution to this problem is to 'bound' SURBS to particular pseudonyms 
> (in a very loose sense). Therefore in the TAG field of the SURB I include 
> 'To: Glory' and 'To: Grace' respectively. When I receive the email from 
> Roger, writing to Glory, the decoded messages is clearly addressed 'To: 
> Grace' and this cannot be modified by the network. Therefore I know that I 
> should reply saying 'I am sorry Roger you must be mistaken. I am not 
> Glory, but Grace'.

So this checking is done by the human? Should we leave it entirely
to the human, or should the software 'manage' pseudonyms and do some
automated checking?

--Roger