ietf-asrg
[Top] [All Lists]

[Asrg] Re: "HashStamp" == hashcash? (Re: Stamping)

2003-03-21 14:11:18
On Fri, 21 Mar 2003 15:37:38 -0500, Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu 
writes:

On Fri, 21 Mar 2003 14:28:31 CST, Scott A Crosby said:

Thus, I can afford to make the hashcash stamps incredibly expensive,
on the order of tens of minutes, because few messages ever use them.
..
Also, since MUA's may mint arbitrary stamps and bulk mailers may send
a control message requesting the same, bulk emailers do not require
users to implement an exception mechanism.

"Hi.. I'm a bulk mailer.  Cound you send me 5 or 10 stamps?"
"Hi.. I'm some other bulk mailer.  Could you send me 5 or 10 stamps?"

Lather, rinse, repeat.  DOS. ;)

Yup. 

I didn't want to make it any longer, so I elided out some of the
policy and UI issues.  And stamped requests should be made for 3
months of average traffic, or about 6,000 for a subscriber to this
list. :)

(Yes, it can probably be fixed/rate limited, but you're screwed if you don't
fix that problem....)

How about:

  Hi.. I'm a bulk mailer. Here's stamped request. Could you send me 5
  or 10 stamps.

So it costs a stamp (10 minutes of CPU, or a the stamp in the
subscription request) to send this message. 

There are a few policy issues that I am not going into now. For
instance, there may be a problem with unused stamps publically
viewable (mailing list archives, etc), so it might be smart policy to
only allow these requests from either recently minted stamps, hashcash
stamps, or old stamps that were previously given to that address.

If someone accepts a request and decides it was a mistake---one of the
stamps was used to send a spam---then the MUA has a 'spam' button.
Click it and the MUA forgets that the set of stamps was valid. Users
will quickly be trained to be carefull in what they accept. :)

Scott
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg