
Re: [Asrg] 3. Proof-of-work analysis

2004-05-19 03:17:10
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In article 
<03A0F711-A929-11D8-B336-000393863768(_at_)chromatix(_dot_)demon(_dot_)co(_dot_)uk>,
Jonathan Morton <chromi(_at_)chromatix(_dot_)demon(_dot_)co(_dot_)uk> writes

>> however I doubt that the systems at the top of the
>> curve (sending lots of email per day) would have regular
>> correspondents.
>> Besides the people running mailing lists, they will be e-commerce
>> systems sending acknowledgements, hospitals confirming appointments,
>> fax delivery systems relaying incoming messages etc.

> Let's think about the statistical significance a bit.  The Net-wide
> average is about 3 people per host,

in the paper we calculate this as 2.5 -- but given the nature of the
figures we are using, 3 is just about as accurate :)

> but most hosts have only one or two
> people behind them.

hmm... I think you're forgetting how many children use the Internet

> The discrepancy may well be made up for by a small
> number of hosts handling very large numbers of people.

perhaps

> As an example, Lancaster University provides a central UNIX-shell
> cluster for all students, among the services of which was the official
> e-mail system.  Because it's a UNIX shell system, the mail is sent from
> the members of the cluster, not from the terminal used to log on.  So,
> in theory, the Internet sees 10,000 students sharing three 4-way Sun
> workstations (this, at least, was what the configuration used to be).

sorry, you're not counting hosts here, but MTAs. I have no global
figures on MTA populations to hand -- and I'm not sure if anyone else
has that sort of data

looking at RIPE I see that Lancaster has 144.88.0.0/16 (as well as a /20
and some IPv6 space). You aren't allowed /16s with just 4 hosts, so
though I doubt that the 10K students are actually using 64K hosts, I
suspect that the ratio of people to hosts is somewhere near the overall
Internet average

> In practice, about 60% of those students are off-campus and typically
> use third-party ISPs for personal correspondence anyway, and an
> increasingly large proportion of the remainder use personal computers
> from their rooms - but you can see the principle.

sorry, no -- the people with their own machines would generate their own
proof-of-work. It just isn't plausible to think that a central cluster
could do that for 10K legitimate users :(

> And yes, I agree that this particular use-case is fairly pessimal in
> terms of proof-of-work scenarios.  However, intra-campus communications
> are typically quite well-ordered, so (with careful management around
> the beginning of the academic year) it could still be possible to use
> the same three workstations in a proof-of-work world.

we disagree --- unless of course you have in mind some sort of composite
scheme where not all email carries a proof-of-work.

As I tried to make clear, we have shown that simpleminded schemes are
only marginally viable if at all -- but if you can realistically ensure
that only a small proportion of legitimate email would incur a
proof-of-work then your scheme would not fall at the first fence --
though Adam's point about latency times in sending any email that did
need a proof-of-work calculation is one that should cause pause for
thought -- that pause being several times longer than the calculation
itself :)

[big snip]

> Occasionally I get a question from someone I don't know, but this is
> rare enough that I could, if necessary, give up 60 seconds of my
> PowerBook's CPU time to send a reply, without too much fuss - after
> all, it would have taken me at least that long to write it.  I'd still
> be concerned about the time taken on a slower machine, though.

60 seconds implies that you limit people to 1440 emails per day. If you
look again at the paper you will see that at this level the spammers who
use zombies would be restricted to only about 5% of current activity (ie
the solution would perceptually be no better than filtering) or
alternatively (if you think spammers will purchase kit to do the
proof-of-work sums "legitimately") you are forcing the price of spam
up to around 0.1 cents/email -- which is not sufficient to remove a lot of
topics from our mailboxes.

To get the work factor high enough to have an impact, you need to be
thinking in terms of an hour or so :(

... or of course you need to change the landscape by reducing the zombie
population or by making the cost of spamming much higher (regulatory
fines, prison terms etc). These latter approaches are probably not on
topic here, leastwise not with the current subject line.

[another big snip]

> That leaves one big category:  Web Mail.  The likes of Hotmail and
> Yahoo don't charge for sending e-mail from their systems, except
> perhaps in terms of banner ads.  They also handle ginormous amounts of
> said mail, which could make a proof-of-work switch-on relatively
> difficult for them.  However, most of their clients are low-end home
> users, who, on average, may have relatively favourable contact
> patterns.  For this, we could do with more statistics.

Goodman & Rounthwaite have an interesting paper on using Captchas to
limit webmail usage (one conclusion is that you need quite a number of
them). It was presented at EC'04 yesterday, but the link on Joshua's
home page is not currently working -- I expect he'll fix it when he gets
home :(

        http://research.microsoft.com/~joshuago/

- -- 
richard                                              Richard Clayton

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety.         Benjamin Franklin

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBQKsmFhfnRQV/feRLEQK9EQCgiczEy+CwfSn0lHD0gJsWibb0v0YAn3t9
FHfizxkay8VqZty3pWpWKfXe
=W4rP
-----END PGP SIGNATURE-----
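
Added example, not part of the original message or of the paper it refers to: a hashcash-style stamp that shows where the thread's "60 seconds" and "1440 emails per day" figures sit in a working proof-of-work scheme, and why a difficulty tuned for one machine costs far more on a slower one. The thread names no particular puzzle, so the SHA-256 construction, the stamp layout and the two hash rates are assumptions made for illustration.

```python
import hashlib
import math
from itertools import count

SECONDS_PER_DAY = 86_400

def leading_zero_bits(digest: bytes) -> int:
    """Number of zero bits before the first 1 bit of the digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def mint(recipient: str, date: str, bits: int) -> str:
    """Sender side: brute-force a counter; expected cost is 2**bits hashes."""
    for counter in count():
        stamp = f"{bits}:{date}:{recipient}:{counter}"
        if leading_zero_bits(hashlib.sha256(stamp.encode()).digest()) >= bits:
            return stamp

def verify(stamp: str, recipient: str, min_bits: int) -> bool:
    """Receiver side: one hash, and the stamp must name this recipient."""
    fields = stamp.split(":")
    if len(fields) != 4 or fields[2] != recipient:
        return False
    return leading_zero_bits(hashlib.sha256(stamp.encode()).digest()) >= min_bits

def bits_for(seconds: float, hashes_per_second: float) -> int:
    """Largest difficulty whose expected cost fits in `seconds` at this rate."""
    return int(math.log2(seconds * hashes_per_second))

def expected_seconds(bits: int, hashes_per_second: float) -> float:
    """Mean time to mint one stamp at the given hash rate."""
    return 2 ** bits / hashes_per_second

def daily_cap(seconds_per_stamp: float, cpus: int = 1) -> int:
    """Upper bound on stamped messages per day with every CPU doing only PoW."""
    return int(cpus * SECONDS_PER_DAY // seconds_per_stamp)

if __name__ == "__main__":
    FAST, SLOW = 1_000_000, 100_000  # constructed hash rates, not measurements
    bits = bits_for(60, FAST)
    print("difficulty for <= 60 s on the fast machine:", bits, "bits")
    print("same stamp on the slow machine: %.0f s" % expected_seconds(bits, SLOW))
    print("cap at 60 s/stamp:", daily_cap(60), "per day; at one hour:", daily_cap(3600))
    print("three 4-way hosts at 60 s/stamp:", daily_cap(60, cpus=12), "per day")
    stamp = mint("bob@example.org", "2004-05-19", 12)  # 12 bits keeps the demo fast
    print(stamp, verify(stamp, "bob@example.org", 12))
```

The caps are upper bounds: they assume each CPU does nothing but mint stamps, and the mean minting time hides the wide variance of a brute-force search.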
