ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] Hashstamp-like proposal

2003-03-24 04:29:27
from [David Finnie] [Permanent Link] 
For those of you who have tossed around the idea of a hash-stamp or other 
type of stamping protocol, I implore you to check out this proposal.  I 
believe it to be very close to a workable solution, if not one, for 
limiting any type of undesired network communication, but specifically 
eliminating SPAM E-Mail.  I know I've thrown this idea out once before but 
I only received a few responses from people who completely read the 
proposal and understood it's workings.  A web page has been put up 
explaining the idea at http://meor.xwarzone.com/overview.htm  For those of 
you that have read it before, a few paragraphs have been added to the 
beginning of the proposal to more properly introduce the concept and make 
it easier to follow.


I see several potential problems with this method - most importantly
(see below), that I think it can be circumvented by spammers:

- it is patented. Admittedly a free licence is granted for free
  software, but it is fairly clear that's not the case for "for sale"
  software.

- the last time I checked, DSA is patented. I don't know what the
  situation is at the moment re. licensing DSA technologies.

- it doesn't actually "eliminate" spam - spammers may still choose to
  wear the cost of computation. From my reading of the protocol, after
  they succeed in cracking the weak cypher key, the spam message is
  still delivered. That's different to my definition of "eliminate".

- a distribution list could be the way spammers get around this protocol:

  spammer joins ASRG list, starts collecting names

  since ASRG mail server is sending messages to us, it includes its
  public key and a signed piece of info in every message. 

  spammer gathers 1 or more of these signed pieces of info, and send a
  message to the recipients of the list, using the ASRG mail server's
  public key and signed piece of info. Since all of us have (of
  course) included ASRG in our white list, the spammers messages get
  through with no challenge/computation effort.

  Have I missed something ?

Dave
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] keeping it accurate, Matt Sergeant
Next by Date:  Re: [Asrg] Update to DS Protocol draft, Daniel Feenberg
Previous by Thread:  Re: [Asrg] Hashstamp-like proposal, Brad Templeton
Next by Thread:  Re: [Asrg] Hashstamp-like proposal, meor
Indexes:  [Date] [Thread] [Top] [All Lists]