[Top] [All Lists]

Re: [Asrg] A CAPTCHA that automatically detects and neutralizes attacks.

2005-06-11 02:17:21
Finally, C/R systems answer the question "was this mail sent by
somebody who cares enough about the mail to answer my challenge?"
which is a stronger version of question 1.

That's not what C/R systems answer.

C/R systems answer "has the entity who apparently sent this mail gotten
my challenge and answered it?".

This differs from your phrasing in three important ways: (1) the
distinction between the entity which sent the mail and the entity which
apparently sent the mail; (2) the assumption, or lack thereof, that
challenge-answering, when it occurs, is based on a level of caring
about the mail getting through (as opposed to, say, a desire to throw a
monkey-wrench into the C/R system - I've heard from people who
deliberately answer challenges resulting from mail they didn't send, to
do that); and (3) the realization that a failure to answer may be
because the challenge was not delivered, because its recipient is
unable to answer it (eg, a blind man I know getting a vision-based
challenge), or the answer didn't make it back.

(1) is relevant in any network carrying a lot of forgeries.

(2) is relevant to any scheme that assumes everyone, including those
whose identity is forged into messages, will cooperate in making the
system work as it is designed to.

(3) is relevant to...well, pretty much anything even vaguely C/Rish.

/~\ The ASCII                           der Mouse
\ / Ribbon Campaign
 X  Against HTML               
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

Asrg mailing list

<Prev in Thread] Current Thread [Next in Thread>