The basic principle behind hash cash is to prove that some limited resource
has been expended to create a message.
The problem with using CPU power is that it is a variable quantity that is
subject to exponential increase in availability, inflation is a real
problem.
A more satisfactory alternative in my view is to use trusted hardware, then
the limitation on use can be set independent of the processor capability.
You can also have a lot of variance in the application.
There are a couple of problems, first trustworthy hardware is pretty rare
these days, I do not think that we require FIPS 140 class 3 hardening for
spam control because compromise is inevitable and some form of revocation
mechanism is going to be required.
ObDisclaimer: VeriSign has intellectual property claims on this mechanism.
This post does not constitute any grant.
I do not believe that the IP claims would be an issue in practice, even for
open source software since any licensing would be tied to the hardware there
would be no incentive to require licensing of the software component. I do
not anticipate that licensing fees would be substantially different to the
existing cost of issuing embedded device keys. Every new cable modem has
these keys embedded now.
The subtler cost issue is that although the license fee would be modest you
do not want the cost of the device to be modest. As a minimum the device
should cost about $50 or preferably $100. So you really want to embed the
technology into a device such as a firewall, router, cable modem or
motherboard. You do not want spammers being able to defeat the system by
buying $5 smart tokens in bulk.
-----Original Message-----
From: Eric S. Raymond [mailto:esr(_at_)thyrsus(_dot_)com]
Sent: Friday, November 14, 2003 4:27 PM
To: David Maxwell
Cc: Yakov Shafranovich; Eric S. Raymond; asrg(_at_)ietf(_dot_)org
Subject: Re: 8a. Evaluation Model - Proposed Changes to Tech. Cons.
Document (was Re: [Asrg] Proposed addition to
draft-crocker-spam-techconsider-02.txt)
David Maxwell <david(_at_)crlf(_dot_)net>:
Another issue is that [hash-cash] begins a trend of
requiring CPU power to
participate in the Internet.
That's a bad thing for people who want to provide
inexpensive computing
to third world countries, and for the retro-computing crowd.
Once Hashcash became widely used, CPU vendors would have an
incentive to
encourage spam, in order to push the rate of 'stamps' up, and make
people upgrade their machines. For the single home user, it wouldn't
matter so much, but I run some mailing-lists for friends...
Basing an anti-spam mechanism on technology have/have-nots
would seem to
be a difficult balance to achieve, when the spammers have financial
incentive, and I don't.
These are damn good, solid points.
I'm still in favor of acknowledging the existence of
hash-cash ideas in the
challenge-response section, but you've done an excellent job
of arguing
that they're not actually a good idea.
On the gripping hand, this argument is out of scope for the document.
--
<a href="http://www.catb.org/~esr/";>Eric S. Raymond</a>
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg