It kills this model dead at any interesting message volume.
True for central authority of crypto cookies, or highly complex algorithms
that require significant CPU resources, but what if recipients issued and
tracked their own "crypto cookies" (stamps) that senders could obtain in a
standard automated method?
There are any number of ways that a cookie generator could make a verifiable
crypto cookie that's less than trivial but doesn't create huge tracking
overhead. The recipient would need to balance their risk of accepting
duplicate cookies with the amount of resource they wanted to dedicate to
generating unbreakable cookies. There would be no difference to the sender
between a weak crypto cookie or a strong crypto cookie as long as they
obtained one that the recipient accepts.
On Mon, Nov 17, 2008 at 2:50 PM, John Levine <asrg(_at_)johnlevine(_dot_)com>
wrote:
PS:
Amazon buys cryptographic cookies and puts them in the email header.
These can be verified independently by a receiver (MUA, MTA, whatever,
that's policy.)
You know that double spending problem I keep whining about? It kills
this model dead at any interesting message volume. Nice try, though.
R's,
John
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
https://www.irtf.org/mailman/listinfo/asrg
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
https://www.irtf.org/mailman/listinfo/asrg