ietf-asrg
[Top] [All Lists]

Re: [Asrg] About that e-postage draft [POSTAGE]

2009-02-15 13:56:18
mathew <meta(_at_)pobox(_dot_)com> wrote:
On Thu, Feb 12, 2009 at 15:58, John Levine <johnl(_at_)taugh(_dot_)com> wrote:

My standard spam model is that the bad guy buys one stamp and uses
that one genuine stamp on a thousand messages (transactions, whatever)
at the same time.  It's really easy to verify that a stamp is real
using digital signatures, but there's no way to tell if it's already
been used other than asking the issuer.

It is possible to defend against this threat, but not cheaply, since
the defense requires a robust transaction system that can serialize
the thousand requests, approve one, and reject the other 999, while
still providing service to the rest of their customers.

Nonsense. You just make the purchased stamp dependent upon the address
of the recipient, for example by hashing the To: address inside the
cryptographic stamp when it's minted.

   Minor correction: for the POSTAGE draft, the token may cover multiple
To: addresses; thus it should be tagged with the receiving MTA, not the
To: address.

You know, like SSL certificates include the hostname so you can't use
the same one on multiple sites.

Sure, the spammer can then send 1000 copies of the stamp with 1000 spam
messages, but 999 of them will be rejected when the stamp is decoded,
without any network transaction being required.

   This might be worth adding to the POSTAGE draft -- not that it isn't
already possible, just that for this to catch multiple use of the same
token it would need to be mandatory. What do folks think?

--
John Leslie <john(_at_)jlc(_dot_)net>
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg