
Re: [Asrg] My Suggestion - HashCash + whitelist/auth

2003-03-05 17:38:23
While I like hashcash+white lists (being hashcash inventor ;-), I think
using signatures for white lists is actually a bad thing.

You as a user don't want to sign every mail you send.  That removes
your plausible deniability.  You can then be pulled into some bogus
court case or defamation case based on this true-name signed email.
It happens frequently enough.  You're not intending casual
communications (and email frequently gets heated in flame wars etc.) to
be legally binding documents, or things that can come back to haunt
you later.

Similarly various companies have learnt that signing everything could
be a bad idea, even retaining everything can lead to problems --
discovery process etc.

So while signing does indeed allow you to better identify the sender,
bear in mind also that it is a side-effect which breaks some of the
existing functionality of email: the relative anonymity of email,
especially with hotmail accounts, etc. compared to ISP accounts where
you may have given a credit card anyway.  And in addition even with
ISP accounts, your identity is not readily available, someone has to
get a court-order for the ISP to hand it over.  They will not always
hand the info over easily either.


Identity is not the problem we're trying to solve.  We're trying to
reduce spam.  While identity can be used to add accountability, and
therefore the hope that this would reduce spam as penalties could
perhaps be better imposed, we should recognize that it has the above
unintended negative consequences.

In addition I'd argue it's not even clear that accountability via
identity of the level that could reasonably be extracted for a low cost
email account, or a free web-web account would be sufficient to
reasonably deter a spammer.  Good identification costs money, so
likely relatively cheap identification will be used, and cheap
identification is likely easy for financially motivated spammers to
break.

So of course you did say that users could bypass the need for identity by
sending tokens, but I think a lower fallout approach to white listing
is to white list on first response by recipient, either at the
recipient side, or via some kind of re-usable white-list token
returned to the sender.  Then no identity infrastructure is required,
no user privacy is lost, and I would think equal amounts of spam
protection are provided.

Adam

On Thu, Mar 06, 2003 at 01:03:51AM +0200, ietf(_at_)alon(_dot_)wox(_dot_)org wrote:
  One major problem with detecting spam is that it is hard to separate bulk
mail from legitimate mail for unknown senders. Therefore, I suggest the
following two-part system:

 1. Unauthenticated senders will be required to add a token to their mail
    indicating some amount of computation performed, specific to the
    message and recipient, for example - creating an n-bit hash collision
    with the message.
    Messages without this token are returned with an explanation to the
    sender, and perhaps with a human-verification fallback (such as
    detecting letters in an image).

 2. When signing up to a legitimate bulk mailer (mailing list, website,
    etc.) you either send a signed certificate with the bulk mailer's public
    key permitting him to send you mail, or add his public key to your
    whitelist. The same can be done for friends.

  The MUA should know if the recipient is on a whitelist by some means.
Also, the MUA should know how much work needs to be done, this can be done
by modifying the email address to something like me(_at_)myhost(_dot_)com#10,
which means 10 bits of hashcash are required to send mail.

  This method requires the following updates:

 1. A user wishing to enjoy spamfree email must use a compatible MUA.
 2. Bulk-mailers must upgrade their systems to send signed mails. This can
    be overcome in the short term using From: whitelisting.
 3. An email address should be allowed to have "#n" in the end. It's not
    required in the transitional phase.
 4. The MUA of legitimate unauthenticated senders should be configured to
    generate the hashcash. In the transitional phase, other human-detection
    methods will be used.

  Alon

-- 
This message was sent by Alon Altman (alon(_at_)alon(_dot_)wox(_dot_)org) 
ICQ:1366540
The RIGHT way to contact me is by e-mail. I am otherwise nonexistent :)
--------------------------------------------------------------------------
 -=[ Random Fortune ]=-
design, v.:
      What you regret not doing later on.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
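
The token scheme from the quoted proposal (a proof of work bound to one recipient and one message, with the difficulty taken from a "#n" address suffix), as an added example that is not part of either message and is not the hashcash tool's own code. The stamp layout, the choice of SHA-256, and all function names are assumptions made for illustration.

```python
import hashlib
from itertools import count


def leading_zero_bits(digest: bytes) -> int:
    """Count the zero bits at the front of a digest."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits


def split_address(addr: str, default_bits: int = 0):
    """Split 'user@host#n' into ('user@host', n); no suffix means default_bits."""
    base, sep, n = addr.rpartition("#")
    if sep and n.isdigit():
        return base, int(n)
    return addr, default_bits


def stamp_digest(recipient: str, message: bytes, counter: int) -> bytes:
    # Hypothetical stamp layout: recipient, hash of the message, counter.
    # Binding both in means a stamp cannot be reused for another mail.
    msg_hash = hashlib.sha256(message).hexdigest()
    return hashlib.sha256(f"{recipient}:{msg_hash}:{counter}".encode()).digest()


def mint(addr: str, message: bytes) -> int:
    """Sender side: search for a counter meeting the advertised difficulty."""
    recipient, bits = split_address(addr)
    for counter in count():
        if leading_zero_bits(stamp_digest(recipient, message, counter)) >= bits:
            return counter


def verify(addr: str, message: bytes, counter: int) -> bool:
    """Recipient side: a single hash, however long the sender searched."""
    recipient, bits = split_address(addr)
    return leading_zero_bits(stamp_digest(recipient, message, counter)) >= bits


if __name__ == "__main__":
    body = b"Constructed sample message body"
    token = mint("me@myhost.com#10", body)  # about 2**10 hashes on average
    print(token, verify("me@myhost.com#10", body, token))
```

Each extra bit in the suffix doubles the sender's expected work while the recipient's check stays at one hash, which is the asymmetry the proposal relies on.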


