[Remops] Proposed change to RAB process

[Bananasplit Admin]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi all,

The current solution for accessing the rab.blk (Remailer Abuse
Blocklist) is to issue remops with a userid and password in order to
download the file.  As someone (on apa-s) pointed out, this implies
trust on the part of the remop not to divulge the list.  It also makes
work for the RAB operator who has to maintain the access list of people
who can download the file.

A proposed alternate solution is for the list to contain hashes of the
email addresses rather than the addresses themselves.  This solves the
issues above, but does mean a change to Mixmaster in order to generate a
hash of the recipients to check for a collision against the rab.blk
hash-list.

Of course, if a hash collision does occur, the remop would know a given
address was on the list, but it's still IMO a considerable improvement
on the current plain-text solution.

Any comments?

- -- 
()  ascii ribbon campaign - against html e-mail 
/\  www.asciiribbon.org   - against proprietary attachments
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFG8RzelKZ6CY7Vd0MRClcyAJ4pkG9s0GG5ob41GrCcIVM1dK0mpwCg4SHh
G5h+bHPMEbmg4eeGRTH+JvE=
=kFHs
-----END PGP SIGNATURE-----