ietf-asrg

[Asrg] Re: 3. Proof-of-work analysis

2004-05-20 14:08:22
Jonathan Morton wrote:
...which I do.  I thought I'd made that clear.

While I don't yet have a document describing exactly how it works, the
essence is that high-value hashcash can be replaced by a low-value
hashcash combined with a whitelisted signature.  The signature is also
included with high-value hashcash tokens so that whitelists can be built
easily.  The required hashcash value for return mail is indicated by
another header.

CAMRAM proposes to do something like this.  Their whitelists are based
on signatures.

btw I've been working on an extensible v1 hashcash format, and your
comments about hashing sigs also occurred to me in that context.  See
thread on Apr 18-19 on:

        http://news.gmane.org/gmane.mail.spam.hashcash

my motivation for having hashcash of signatures was that verifying a
signature costs order of 2ms (on 3 GHz P4) whereas verifying a hashcash
takes order of 20ns O(10^5) higher cost (rough calc based on openssl
speed dsa1024 and openssl speed sha1).  So one could have eg a 12 bit
stamp (est 5ms to produce) to defend against people wasting the servers
time.  ie the server would verify the hashcash before verifying the
signature.

Of course other reasons to sign hashcash tokens, hashcash auth signature
keys etc are to facilitate the CAMRAM-like logic where signatures are
introduced as whitelisting mechanisms.

Reducing the capacity of the zombie network is bound to be worthwhile. 
I would also suggest that victims are more likely to notice their
infected machine if it has high CPU usage than if it has high network
usage.

I would also suggest that 0.1c per mail would make for less frivolity
than the present 0.001c per mail.  Your paper says that 0.1c/mail was
used by spammers as a price in the past.  The pertinent question is: 
how far in the past, and what were the spamming levels like back then?

My idea of
"make an impact" starts from "prevent the problem from getting even
worse than at present" and works from there.

Well I think we can make a negative-proof for just about all current
anti-spam systems.  Ie "this doesn't work in the limit and here's why
and how a spammer can work around or adapt to your anti-spam system".
blacklists, whitelists, keyword filter, Bayesian filter, traded
checksums, the works.  Well that should be self-evident given the volume
of spam despite these attempts.

So I'd say hashcash is still an interesting ingredient into the mix.

Strongly disagree.  To make an impact, the worst-case I can think of
would demand about a minute of work on average, and I would hope we
could work with less.

Your idea of "make an impact", however, seems to be equivalent to our
idea of "virtually eliminate the problem single-handed".  

Adam



_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
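
The ordering described in the message above (check a cheap 12-bit stamp computed over the signature, and only then pay for signature verification), as an added example that is not part of the original post or of any hashcash implementation. The stamp layout (`signature:counter`), the `Gate` class, and the use of HMAC-SHA256 as a stand-in for the DSA check are assumptions made for illustration.

```python
import hashlib
import hmac
import itertools

STAMP_BITS = 12  # the example stamp size given in the message


def leading_zero_bits(digest: bytes) -> int:
    """Count leading zero bits of a digest (the hashcash value of a stamp)."""
    bits = 0
    for byte in digest:
        if byte:
            return bits + 8 - byte.bit_length()
        bits += 8
    return bits


def stamp_ok(signature: bytes, counter: int, bits: int = STAMP_BITS) -> bool:
    """Cheap check: one SHA-1 over an assumed 'signature:counter' layout."""
    digest = hashlib.sha1(signature + b":" + str(counter).encode()).digest()
    return leading_zero_bits(digest) >= bits


def mint(signature: bytes, bits: int = STAMP_BITS) -> int:
    """Sender side: brute-force a counter, about 2**bits hashes on average."""
    return next(c for c in itertools.count() if stamp_ok(signature, c, bits))


class Gate:
    """Receiver that refuses to run the expensive check without a valid stamp."""

    def __init__(self, key: bytes):
        self.key = key
        self.sig_checks = 0  # how often the expensive path was taken

    def expensive_verify(self, message: bytes, signature: bytes) -> bool:
        # Stand-in for DSA verification (assumption): HMAC-SHA256 with a shared key.
        self.sig_checks += 1
        expected = hmac.new(self.key, message, hashlib.sha256).digest()
        return hmac.compare_digest(expected, signature)

    def accept(self, message: bytes, signature: bytes, counter: int) -> str:
        if not stamp_ok(signature, counter):
            return "rejected: stamp"      # costs one hash, signature untouched
        if not self.expensive_verify(message, signature):
            return "rejected: signature"  # the sender paid for the stamp first
        return "accepted"
```

The stamp only prices the request; a forged signature carrying a freshly minted stamp still reaches and fails the signature check, so the stamp is a rate limiter for the verifier, not an authenticator.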