ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] About that e-postage draft [POSTAGE]

2009-02-16 12:33:23
from [Steve Atkins] [Permanent Link] 

On Feb 16, 2009, at 7:07 AM, mathew wrote:


On Sun, Feb 15, 2009 at 17:12, John Levine <johnl(_at_)taugh(_dot_)com> wrote:
>> It is possible to defend against this threat, but not cheaply, since 
>> the defense requires a robust transaction system that can serialize
>> the thousand requests, approve one, and reject the other 999, while
>> still providing service to the rest of their customers.
>Nonsense. You just make the purchased stamp dependent upon the address of 
>the recipient, for example by hashing the To: address inside the
>cryptographic stamp when it's minted.
Aw, come on. Please don't tell me I have to explain why this model has 
the exact same problem.
Go on, indulge us. Explain why stamps that are hashed to the recipient can still be spent on multiple spams unless a network transaction is carried out for every one.
Let's go ahead and assume that the stamp also has an expiry date encoded into it, mmkay?
If it's simply hashed then anyone can create them. That means it's possible to send a large number of messages using stamps that look entirely plausible prior to them being looked up at the central 
broker. There are obvious reasons why people would do this.
So, the next step is to use some crypto such that it's possible for anyone to validate that the stamp may be plausible for the recipient, but not for anyone to generate it. Maybe you use public key 
signatures - presumably with the private key held solely by the bank.
But that means that stamps are not interchangeable. You can't buy them or generate them in advance, or at least not in bulk, in advance. Instead you have to purchase them (from one of a small number of "banks") at the time you send the mail as well as redeem them (from that very 
same bank) later.
(Given that the sending machine has to contact a central server and the receiving machine also has to contact the same central server during the transmission of the message there are a lot 
of other things you could do with it that are simpler than epostage).

Cheers,
  Steve

_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] About that e-postage draft [POSTAGE], John Leslie
Next by Date:  Re: [Asrg] About that e-postage draft [POSTAGE], Paul Russell
Previous by Thread:  Re: [Asrg] About that e-postage draft [POSTAGE], Benjamin April
Next by Thread:  Re: [Asrg] About that e-postage draft [POSTAGE], John Levine
Indexes:  [Date] [Thread] [Top] [All Lists]