ietf-asrg
[Top] [All Lists]

Re: [Asrg] My take on e-postage

2004-04-25 21:48:50
Why?  Simply because all the hashcash protocols I've seen outlined,
or that I've thought of, involve some kind of challenge by the
recipient which must be answered by the "payer".  A simple example
might be "find a data blob whose SHA-1 hash has these 20 bits set to
these values".
Simple attempt (which probably won't work, but would take me a few
hours to figure out why):  "The message, including the timestamp
(which must be accurate to 10 seconds and only one is accepted per 10
seconds) and including From and Envelope-To (same as To) must have
the first 20 bits of its MD5 equal to 10101010101010101010;

You can't do the work once for many recipients because the recipient
is included in the hash;

Right.

and you can't re-use it because of the timestamp.

Not quite that simple.

If the timestamp must match the time of the SMTP handoff, then you have
to recompute the hashcash for every retry (and are vulnerable to
unusually slow SMTP connections or recipient clocks set wrong); if the
timestamp need not match the time of the SMTP handoff, you are
vulnerable to backdated reuse.

You may be on to something here, though.  How about:

        The MD5 of the envelope-from, the envelope-to, the From:, To:,
        Message-Id:, and X-HashCash: headers, in that order,
        concatenated with the entire message body, must begin with
        however many 0 bits the recipient requires.

I think that addresses the issue.  Thank you.  (Replay isn't, I think,
much of an issue, when you can replay only whole messages including the
envelope.)

Of course, it still suffers from the usual problems endemic to all
hashcash, notably the very wide variety in CPU speeds out there.
J. Random Hacker in Outer Slobbovia running on a half-lung salvaged
68020 will be utterly blocked by hashcash values high enough to be even
noticed by Evil Q. Spammer's late-model 8-CPU 18GHz Hexium.

/~\ The ASCII                           der Mouse
\ / Ribbon Campaign
 X  Against HTML               
mouse(_at_)rodents(_dot_)montreal(_dot_)qc(_dot_)ca
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg