Anonymous Voting Guide for NetBSD Board Elections

Anonymous Voting Guide for NetBSD Board Elections
Jeremy Cooper, August 2002


Introduction


Gentle Developer:

Hello, I am your Vote Validator for the NetBSD Foundation's 2002 Board of
Directors election.  This guide, prepared specially for this event,
outlines methods you can use to vote anonymously in this election if you
so choose. I have a public PGP key with which I will sign all voting
results, and can also be used by you to encrypt your vote irrespective of
your choice to send it anonymously.  My key can be found in three places:

1) In my home directory on cvs.NetBSD.org:~jeremy/pgp-key

2) At keyserver.net: http://www.keyserver.net/en/  (jeremy@baymoo.org)

3) My personal website: http://simon.baymoo.org/~jeremy/pgp-key.asc

This guide assumes that you have already received your Voting Key and the
message that accompanies it, which describes how to format your vote and
where to send it for this election.


Why Vote Anonymously?


As a voting member of the NetBSD foundation you are entitled, but not
required, to vote for the NetBSD board in a manner which makes your vote
anonymous.  As an anonymous voter your vote is counted equally as any
other vote; there is no penalty for voting anonymously.  Additionally, the
choice to vote anonymously is a personal one; there are no technical
reasons which require it.

This guide outlines two methods for sending your vote anonymously if you
so choose: remailer-based anonymous e-mail, and web-based anonymous
e-mail.




1. Remailer-based Anonymous E-mail
==================================




Remailer-based anonymous e-mail is sent by sending e-mail messages through
a chain of independently operated "remailers" hosted by volunteers on the
Internet.  When used correctly, remailer-based anonymous e-mail can assure
your anonymity quite well even if one or more of the remailers in the
chain are intent on revealing your identity.

There are two popular remailer protocols in use.  The first and oldest is
the Cypherpunk remailer protocol, which is the easiest protocol to adopt
by hand.  The second and newer protocol is Mixmaster, which requires
specialized client software due to its binary format.  The (relative) ease
of using Cypherpunk is pitted against the added security of Mixmaster.
(Mixmaster is more resistant to traffic analysis.)

Since the Cypherpunk protocol does not require a specialized client to use
and the privacy needed for this election arguably does not hinge on life
or death, we will only describe the Cypherpunk protocol in this document.
Do not let the absence of instructions dissuade you from using Mixmaster
if you so wish.


The Cypherpunk Remailer Protocol


The Cypherpunk remailer protocol is an entirely ASCII-based protocol
composed of easy-to-read RFC822 e-mail messages.  To send an anonymous
e-mail message using the Cypherpunk protocol you choose a remailer chain,
compose and encrypt your message, and send it to the first mailer in your
chosen chain.


1.1 Choosing a Remailer Chain
-----------------------------

The anonymity that your receive when using the Cypherpunk remailer
protocol is based on your careful creation of a list of remailers that you
select to deliver your message.  We will call this list of remailers the
"remailer chain" because that is what is resembles.

1.1.1 Constructing the Chain

To construct the chain, create a list of remailers by selecting them from
a public remailer list (found below).  There is a balance you must achieve
when constructing your list: delivery assurance vs. security.  If you
choose too many remailers you run the risk that one of them is not be
operating, and hence, your message will not be delivered at all.  If you
choose too few, you run the risk that your message may not remain
anonymous.

1.1.2 How many Remailers is Practical?

What's a practical number of remailers to use for NetBSD board election
votes? Since your life is probably not in danger if your identity is
revealed during the voting process, and the value of revealing your
identity is intrinsically low, a list of two or three remailers is probably
more than sufficient.

(Security Side-bar)

        The security of the Cypherpunks remailer protocol derives from the
        trustworthiness of the mailers in your remailer chain.  Theoretically,
        your message will remain anonymous so long as at least one remailer
        in your chain is trustworthy (that is, it does not divulge your
        identity nor keep records that would allow it to divulge your identity
        in the future).

1.1.3 Choosing Remailers

A good list of public remailers supporting the Cypherpunk protocol can be
found at:

http://anon.efga.org/Remailers/TypeIList

The list found on that page may appear strangely formatted at first.
There are two keys to deciphering it.  First, each remailer has chosen an
informal nickname for itself (such as 'freaky', or 'cthulu').  Second,
each remailer may support several remailing protocols and features.
Choose remailers that:

1) Support the 'cpunk' (Cypherpunk Protocol) option.
2) Have a good response time.  (Found at the bottom of the page).


1.2 Obtaining Remailer PGP Keys
-------------------------------

Once you have chosen your desired remailer chain you are ready to obtain
the PGP keys of each remailer.  Do so by sending an empty bodied message
to each remailer with a subject line of 'remailer-key'.

To: <remailer-address>
Subject: remailer-key

In a short while, you will receive the remailer's public PGP key.  Save
this PGP key and add it to your public key-ring.


1.3 Composing and Sending the Message
-------------------------------------

Once you have chosen your remailer chain and obtained the public PGP keys
for each remailer, you are ready to compose your message.  To compose your
message you will follow an iterative process of encryption and header
adjustment. In the end, you will have a PGP message constructed of several
layers of remailing commands and further PGP messages.

Since this most important step of the mailing process can be cumbersome to
execute and easy to screw up, I will illustrate its execution in two ways
-- first, as step by step instructions written from the perspective of an
e-mail sender, and second from the perspective of a Cypherpunks remailer
itself. It may be helpful to read both perspectives to gain a clear
understanding of the process.  In doing so you will be less likely to
botch your request by encrypting it with the wrong key in the wrong step,
or misplacing a crucial remailer header, for example.

                          SENDER'S PERSPECTIVE


1.3.1 Compose the Message (your NetBSD vote)

First, create an ASCII file with your anonymous message.  (In this case,
your vote electing or declining the board slate).  Don't include any
e-mail headers in this message; just treat it as though it were a message
body.  Example:

  =========================================
  Voting Key: a017c7934cd55f3772964af995c7aee8
  Confirmation Code: c12b179e0174681539f53695f315863a
  Vote: approve
  =========================================

1.3.2 Encrypt the Message With the Validator's Key

Next, PGP encrypt the message with the vote validator's public PGP key.
(GnuPG example:)

  % gpg -ear valitator@address vote.txt
  (file vote.txt.asc created)

Now you are ready to begin the iteration process.  In the steps below, the
variable 'next-recipient' is initially set to the vote validator's e-mail
address.

1.3.3 Add Remailer Headers, Encrypt, Repeat

Now you are ready for the most tedious part of the remailer process:
iteratively encrypting and adding commands to your message so that it will
be sent through the remailer chain.  In this step we assume that you have
already obtained the PGP keys for each remailer in your chain and that you
have created the message you wish to send in a file named 'vote.txt.asc'.

You will work this process BACKWARDS through the list of remailers in your
remailer chain.  In the steps below, the variable 'current-remailer'
refers initially to the LAST remailer in your chain (since you are working
backwards). As you progress through the steps, 'current-remailer' will
take on progressively earlier remailers in the chain.

1) Add a resend request header.

   Take the PGP encrypted message assembled from the previous step and add
   a resend request header, and a PGP decrypt command.  The resend request
   header directs the remailer to anonymously pass the remainder of the
   message to the recipient listed, and the PGP decrypt command directs
   the recipient to decrypt the message when it arrives.  An example of
   these headers and commands follows.

   (Remailer request to next-recipient)
   =========================================
   Request-Remailing-To: <next-recipient>

   ::
   Encrypted: PGP

   ---BEGIN ENCRYPTED MESSAGE---
   .......................
   ---END ENCRYPTED MESSAGE---
   =========================================

   (Note: if the 'next-recipient' is the vote validator you needn't include
    the '::' and 'Encrypted: PGP' commands.  The validator, being at least
    not a remailer, understands that the contents of the message
    implicitly need decrypting).

2) Encrypt the resulting request with current-remailer's public PGP key.
   (GnuPG example:)

     % gpg -ear remailer@address vote.txt.asc
     (file vote.txt.asc.asc created)

   (Request, encrypted with current-remailer's public PGP key)
   =========================================
   ---BEGIN ENCRYPTED MESSAGE---
   .......................
   ---END ENCRYPTED MESSAGE---
   =========================================

3) Advance remailers.  Make 'next-recipient' be the current-remailer's
   e-mail address.  Then make 'current-remailer' be the next remailer in
   your chain (working backwards).

   Have you exhausted the remailer list at this point?  (That is, is
   there no 'current-remailer' left?)  If you HAVE NOT exhausted your
   remailer list, take the encrypted text from the last step and go to
   [step 1].

   If you HAVE exhausted your remailer list, tack on a decrypt command
   to the message and send it to the e-mail address of the first remailer
   in your chain.  You are done!

   (Final step.  Message to first remailer)
   =========================================
   ::
   Encrypted: PGP

   ---BEGIN ENCRYPTED MESSAGE---
   .......................
   ---END ENCRYPTED MESSAGE---
   =========================================


                          REMAILER'S PERSPECTIVE


1.3.4  Cypherpunk Message Format

If the steps in the previous section seemed confusing, it may help you to
read this section.  In it we present the view the remailing process from
the perspective of a single Cypherpunk remailer as it processes an
anonymous message.  The first step in relating to this perspective is to
understand the Cypherpunks format.

1.3.4.1 Reception and First Stage Processing

Example received message:
=========================================
Received: from host1.domain1.tld (host1.domain1.tld [300.300.300.300])
        by host2.domain2.tld (8.12.3/8.12.3) with ESMTP id g7JHtIkf092872
        for <remailer@host2>; Mon, 19 Aug 2002 10:55:19 -0700 (PDT)
        (envelope-from remailer@host1)
Date: Mon, 19 Aug 2002 10:55:02 -0700 (PDT)
From: Anonymous entity <remailer@host1>
To: Anonymous remailer <remailer@host2>
Message-Id: <20020819105448.F97306-100000@host1>

::
Encrypted: PGP

---BEGIN ENCRYPTED MESSAGE---
.............................
---END ENCRYPTED MESSAGE---
=========================================

Upon receipt of an e-mail message, a Cypherpunks remailer first takes the
RFC822 headers of the message and THROWS THEM AWAY.  This leaves the
remaining message body (if present at all).

After first stage processing:
=========================================
::
Encrypted: PGP

---BEGIN ENCRYPTED MESSAGE---
.............................
---END ENCRYPTED MESSAGE---
=========================================

1.3.4.2 Command Scan

This remaining message body is then scanned for one of two items. First,
it is checked for further RFC822-style headers (such as
'Request-Remailing-To'.)  If no RFC822-style headers are found, the
remailer then scans for a double colon ('::') line, which signifies the
beginning of remailer commands.

There are several remailer commands, but the two most important are the
'Anon-To:' and the 'Encrypted: PGP' commands.  The Anon-To command directs
the remailer to forward the remainder of the message on to the specified
address.  The Encrypted command, on the other hand, directs the remailer
to decrypt the remainder of the message with its own public PGP key.  The
resulting plaintext message is then recursively processed as above. (Note:
The 'Request-Remailing-To' HEADER and the 'Anon-To' COMMAND accomplish the
same task.  Only one or the other is needed).

1.3.4.3 PGP Decryption

Let us continue the example message above by pretending that the encrypted
message contained in the request above was decoded and revealed the
following plaintext:

Plaintext of encrypted message:
=========================================
Request-Remailing-To: <remailer@host3>

::
Encrypted: PGP

---BEGIN ENCRYPTED MESSAGE2---
..............................
---END ENCRYPTED MESSAGE2---
=========================================

The remailer processes this message using the same criteria in steps
1.3.4.2 and 1.3.4.3.  Specifically, this message contains an RFC822-style
header 'Request-Remailing-To' and that header appears before any blank
lines in the message.  Therefore, it is obeyed.  All command scanning
stops and the remainder of the message is mailed anonymously to
<remailer@host3>.

Let's also illustrate another possible plaintext.  This plaintext
accomplishes the same task, but instead of using the
'Request-Remailing-To' HEADER, it uses the 'Anon-To' COMMAND.

Another valid plaintext of encrypted message:
=========================================

::
Anon-To: <remailer@host3>

::
Encrypted: PGP

---BEGIN ENCRYPTED MESSAGE2---
..............................
---END ENCRYPTED MESSAGE2---
=========================================

When processed, this example message has a BLANK LINE as the first line
in the message.  This indicates to the remailer that there are no RFC822-style
headers in the message.  Therefore, the remailer continues scanning the message
until it reaches the first double colon mark ('::') on the second line.
The remailer then interprets the 'Anon-To' command and mails the remainder
of the message anonymously to <remailer@host3>.

In both of these examples ENCRYPTED MESSAGE 2 presumably contains further
encrypted instructions and messages to be consumed by the next remailer
in the chain.



2. Web-based Anonymous E-mail
=============================



If you dislike the hassle of preparing a properly formatted Cypherpunk
chained-remailer message and are willing to settle for less assurance of
anonymity, you might choose to use a web-based anonymous remailer.  Two
are listed below.

https://riot.EU.org/anon/remailer.html
http://www.no-id.com/remail.cgi

The decreased assurance of anonymity in using such remailers is that they
cannot be chained.



3. Conclusion
=============



Whichever method you choose to make your vote anonymous (even if you choose
none at all!), please exercise your right to vote!

Thank you,
The 2002 NetBSD Board Election Vote Validator


Back to  the NetBSD Foundation Inc. page

(contact us)   Generated from %NetBSD: anon-remailer-guide.xml,v 1.3 2005/07/16 17:13:36 heinz Exp %
Copyright © 1994-2006 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.
NetBSD® is a registered trademark of The NetBSD Foundation, Inc.