
Re: [Asrg] About that e-postage draft [POSTAGE]

2009-02-15 18:50:49
On Feb 15,  1:56pm, John Leslie wrote:
} Subject: Re: [Asrg] About that e-postage draft [POSTAGE]
}
} mathew <meta(_at_)pobox(_dot_)com> wrote:
} > 
} > Nonsense. You just make the purchased stamp dependent upon the address
} > of the recipient, for example by hashing the To: address inside the
} > cryptographic stamp when it's minted.
} 
}    Minor correction: for the POSTAGE draft, the token may cover multiple
} To: addresses; thus it should be tagged with the receiving MTA, not the
} To: address.
} 
}    This might be worth adding to the POSTAGE draft -- not that it isn't
} already possible, just that for this to catch multiple use of the same
} token it would need to be mandatory. What do folks think?

John might recall that during our off-list discussion of the POSTAGE
draft, I suggested using a per-transaction token such as DSN ENVID for
this sort of tagging, but we chose to avoid becoming entangled with
the DSN extension.

Tagging per MTA isn't nearly as effective as per recipient or per
transaction, because for some MTAs (a Yahoo MX, for example) the number
of possible recipients becomes large enough that using the same stamp
on thousands of transactions is still a viable attack.

However, I'd like to remind everyone of one important aspect of the
POSTAGE draft:  It doesn't rely on the notion of "buying a stamp".

The transaction is structured such that the token presented by the
sender is more like a credit card authorization.  The token allows the
recipient MTA to make a charge of a specified amount against an account
maintained by (a bank on behalf of) the sender.  The sender does not
obtain the "stamp" from the recipient, he gets it from his bank.

If that sender chooses to present the same stamp a million times, it's
up to the sender and his bank to resolve the dispute; if the bank has
no way to detect and refuse duplicates, it can simply tally them all
up and bill the sender after the fact.

This doesn't in any way address problems of a pwned machine grabbing
tokens from a compromised bank account, but it does mean that the
recipient MTA can ignore the problem and expect to be paid no matter
what shenanigans are going on at the other end of the wire.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
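A small sketch of the model the message above describes: the sender's bank mints an authorization token tagged with a scope (a receiving MTA, a To: address, or a per-transaction id), the presenting MTA is paid on every presentation, and the bank tallies duplicates and bills the sender. This is an added illustration, not code from the POSTAGE draft or from anyone on the list; the token layout, the HMAC construction and the field names are assumptions.

```python
import hashlib
import hmac
import json
import secrets
from collections import Counter

# Constructed demo key: in this model it belongs to the sender's bank, so a
# recipient MTA can present tokens for settlement but never mint them.
BANK_KEY = b"constructed-demo-bank-key"

def _payload(body):
    return json.dumps(body, sort_keys=True).encode()

def mint_token(bank_key, account, amount_cents, scope):
    """Bank issues an authorization.  'scope' is what the token is tagged with:
    a receiving MTA, a To: address, or a per-transaction id (assumed format)."""
    body = {"account": account, "amount": amount_cents, "scope": scope,
            "nonce": secrets.token_hex(8)}
    tag = hmac.new(bank_key, _payload(body), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

class Bank:
    """Settles presented tokens.  Duplicates are paid and tallied, not refused;
    the sender is billed for the total after the fact."""
    def __init__(self, key):
        self.key = key
        self.presentations = Counter()  # tag -> times presented
        self.billed = Counter()         # account -> cents owed

    def settle(self, token, presenting_mta):
        expected = hmac.new(self.key, _payload(token["body"]), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, token["tag"]):
            return ("rejected", "tag")    # forged or altered token
        if token["body"]["scope"] != presenting_mta:
            return ("rejected", "scope")  # presented by an MTA it was not tagged for
        self.presentations[token["tag"]] += 1
        self.billed[token["body"]["account"]] += token["body"]["amount"]
        return ("paid", self.presentations[token["tag"]])

    def owed(self, account):
        return self.billed[account]

if __name__ == "__main__":
    bank = Bank(BANK_KEY)
    tok = mint_token(BANK_KEY, "alice", 5, "mx.example.net")
    print(bank.settle(tok, "mx.example.net"))  # ('paid', 1)
    print(bank.settle(tok, "mx.example.net"))  # ('paid', 2): the MTA is still paid
    print(bank.settle(tok, "mx.other.org"))    # ('rejected', 'scope')
    print(bank.owed("alice"))                  # 10
```

Narrowing the scope (per recipient or per ENVID instead of per MTA) shrinks how many deliveries one token can legitimately cover, but in this model the bank's tally, not the recipient, is what makes reuse the sender's problem.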