RE: [Asrg] Re: "HashStamp" == hashcash? (Re: Stamping)

2003-03-24 08:58:23

There are reasons why after at least 6 months the hashcash proposals
are still only ideas.

Hashcash is fundamentally flawed. Cool and interesting, but doomed.

Authenticating headers opportunistically can work. Baby steps. 

Hashcash is essentially an authorization step, the authorization 
is implicit in spending the time required to send the email.

There is a hierarchy of approaches here.

Authentication                  - Simplest, lowest cost
Authentication + Whitelists     - more maintenance
Non-convertible cash schemes    - require state maintenance
Convertible cash schemes        - require settlements

Convertible cash schemes are very complex as they require settlements
and that is expensive - none of the existing settlement systems in use
today can manage trades for less than tens of cents per transaction.
Convertible cash schemes also involve a new fraud incentive.


The problem I have believing the cash schemes is that the spam senders 
appear to be willing to spend more to create garbage than many users.

Remember that 'Authentication' here could involve moving to a pull
protocol rather than a push protocol FOR CERTAIN APPLICATIONS. Here 
NNTP with limited posting rights is a possibility, although its 
failure to manage spam on Usenet means that many will dismiss it, 
probably unfairly. Another possibility is RSS.

There is only a subset of messaging that can be managed that 
way unfortunately. Mailing lists, alerts, newsletters, etc. But
we are not going to find a silver bullet, we need to address each
use independently and accept that there will be need for different 
approaches.

One interesting approach would be to combine RSS with a notification
ping via UDP. So the user subscribes to a stream, the stream says 
something like 'i update every 15 minutes, hour, day, whatever'. The
user can poll, or the user can wait for a UDP packet that gives the 
serial number of the last update, thus allowing updates earlier than
the indicator says.

This system can be made quite robust, unsolicited packets are simply
ignored as there is no point unless there is a subscription. If a user
stops downloading the feed for some time the sender can simply delete
the user's account and stop sending the UDP packets.

This type of scheme could operate in parallel as a feature of a 
traditional mailing list agent.

                Phill 
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
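
The RSS-plus-UDP scheme described in the message above, sketched as an added example that is not part of the original post. The packet layout, the class and function names, and the fetch throttle are assumptions made here; the message says only that the packet gives the serial number of the last update.

```python
import struct

# Assumed wire format (not given in the message): 8-byte feed id + 32-bit serial.
PACKET = struct.Struct("!8sI")

class Subscriber:
    def __init__(self, min_gap=60):
        self.feeds = {}          # feed_id -> {"serial", "interval", "last_fetch"}
        self.min_gap = min_gap   # assumed floor between hint-triggered pulls (seconds)

    def subscribe(self, feed_id, interval, now):
        # interval is what the stream advertises ("I update every 15 minutes")
        self.feeds[feed_id] = {"serial": 0, "interval": interval, "last_fetch": now}

    def on_datagram(self, payload, now):
        """Return the feed id to pull now, or None to drop the packet."""
        if len(payload) != PACKET.size:
            return None                   # malformed
        feed_id, serial = PACKET.unpack(payload)
        state = self.feeds.get(feed_id)
        if state is None:
            return None                   # unsolicited: no subscription, ignore
        if serial <= state["serial"]:
            return None                   # duplicate or replayed notification
        if now - state["last_fetch"] < self.min_gap:
            return None                   # throttled; the scheduled poll catches up
        return feed_id                    # hint only: content still comes via the pull

    def due(self, now):
        """Feeds whose advertised interval has elapsed (plain polling path)."""
        return [f for f, s in self.feeds.items()
                if now - s["last_fetch"] >= s["interval"]]

    def fetched(self, feed_id, serial, now):
        """Record the serial read from the pulled feed itself, not from the UDP hint."""
        s = self.feeds[feed_id]
        s["serial"], s["last_fetch"] = max(s["serial"], serial), now

def prune(last_download, now, max_idle):
    """Sender side: keep only subscribers who downloaded the feed recently."""
    return {addr: t for addr, t in last_download.items() if now - t <= max_idle}
```

Because a UDP source address is easy to forge, the datagram here only triggers a pull and never carries content, and the throttle keeps forged packets from driving repeated fetches.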