ietf-asrg
[Top] [All Lists]

Re: [Asrg] Email Postage (was Re: FeedBack loops)

2008-11-17 19:24:24

On November 17, 2008 at 15:13 gklaas(_at_)sacto(_dot_)com (Gerald Klaas) wrote:
 It kills this model dead at any interesting message volume.

True for central authority of crypto cookies, or highly complex algorithms
that require significant CPU resources, but what if recipients issued and
tracked their own "crypto cookies" (stamps) that senders could obtain in a
standard automated method?

There are any number of ways that a cookie generator could make a verifiable
crypto cookie that's less than trivial but doesn't create huge tracking
overhead.  The recipient would need to balance their risk of accepting
duplicate cookies with the amount of resource they wanted to dedicate to
generating unbreakable cookies.   There would be no difference to the sender
between a weak crypto cookie or a strong crypto cookie as long as they
obtained one that the recipient accepts.

But this would seem to converge onto a whitelisting or C/R scheme, no?

I guess it has the added advantage of some confidence that the sender
is who they say they are since they're presenting your stamp.

 (and no, I'm not so quick to try to smash an idea by positing
 wide-open cryptographic permeability.)

If you tracked your own cookies you could spot duplicates and take
whatever action you saw fit.

I still lean towards trying to create some sort of economic incentive,
it's been difficult to get sites to buy into schemes unless they had
some other clear advantage other than possibly stopping someone else
from spamming.

Here's a question which is almost isomorphic:

  How many big commercial sites will do challenge/response with
  customers? Any?

I really don't know, I've never thought to ask before just now.

But there is some parallel in acceptance threshold between
user-generated cookies and a C/R system, no?

-- 
        -Barry Shein

The World              | bzs(_at_)TheWorld(_dot_)com           | 
http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD        | Login: Nationwide
Software Tool & Die    | Public Access Internet     | SINCE 1989     *oo*
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
https://www.irtf.org/mailman/listinfo/asrg