For those of you who have tossed around the idea of a hash-stamp or other
type of stamping protocol, I implore you to check out this proposal. I
believe it to be very close to a workable solution, if not one, for
limiting any type of undesired network communication, but specifically
eliminating SPAM E-Mail. I know I've thrown this idea out once before but
I only received a few responses from people who completely read the
proposal and understood it's workings. A web page has been put up
explaining the idea at http://meor.xwarzone.com/overview.htm For those of
you that have read it before, a few paragraphs have been added to the
beginning of the proposal to more properly introduce the concept and make
it easier to follow.
I see several potential problems with this method - most importantly
(see below), that I think it can be circumvented by spammers:
- it is patented. Admittedly a free licence is granted for free
software, but it is fairly clear that's not the case for "for sale"
software.
- the last time I checked, DSA is patented. I don't know what the
situation is at the moment re. licensing DSA technologies.
- it doesn't actually "eliminate" spam - spammers may still choose to
wear the cost of computation. From my reading of the protocol, after
they succeed in cracking the weak cypher key, the spam message is
still delivered. That's different to my definition of "eliminate".
- a distribution list could be the way spammers get around this protocol:
spammer joins ASRG list, starts collecting names
since ASRG mail server is sending messages to us, it includes its
public key and a signed piece of info in every message.
spammer gathers 1 or more of these signed pieces of info, and send a
message to the recipients of the list, using the ASRG mail server's
public key and signed piece of info. Since all of us have (of
course) included ASRG in our white list, the spammers messages get
through with no challenge/computation effort.
Have I missed something ?
Dave
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg