
RE: More thoughts on From: lines



Len wrote:
> I would be happy with a number of solutions, including 
> accepting this risk; permitting the nym server to forward 
> mail to an exit remailer to be delivered, which would trust 
> the nym server's From: line; requiring that the client always 
> place the nym server second to last in the chain when doing 
> nym mail, so that the user can pick the exit node which in 
> turn can trust the From:; etc.

It is not entirely clear to me that we have identified all potential
risks in requiring a nym to use its nym server as the exit hop. The
solution may well be perfectly fine; I just believe that spending a bit
more analysis might be desirable.

This may be obvious, but I still would like to mention that if the
nym server forwards the email to other hops before it is delivered to
the final recipient, then the requirement to securely authenticate a
sender to the remailer becomes a requirement to securely authenticate a
particular nym server to defend against rogue nym servers.

> I think that doing more complex nym authentication by exit 
> nodes is unnecessarily adding complexity to the system. 
> Having exit nodes believe nym servers' From: lines should be 
> fine. If the nym server is naughty, this is a relatively low 
> risk way of discovering that.
> 
> > This of course triggers an additional requirement on the client to
> > ensure that outbound nym email is always routed through a nym server
> > as the exit hop.
> 
> Yes. That would be done for the user by the client. After the 
> user opens a given nym profile, the client knows all it needs 
> to make this work.

Yes. Which in turn requires the mixminion client to be aware of nym
profiles.

--Lucky