Theodore Ts'o wrote:
someone who is sending me a human generated
message can generally easily afford the 2 minutes worth of CPU time
before their mailers can deliver the message to my mail host.)
But what CPU? The machines with which I routinely send mail range from a
200MHz handheld to a 2GHz*2 desktop. I would be unhappy with a protocol
that required me to run my handheld's CPU at full speed for 2 minutes
(the battery life isn't so hot); but that level of hashcash would
require only 6 seconds from my desktop, which is probably too little to
be a deterrent. And, if it were targetted at making my *desktop* take 2
minutes, then the handheld would take about 40, which is totally
unacceptable.
The whole hashcash idea has two major flaws. The most obvious is
Moore's Law (you'll have to keep doubling the bar every 18 months, which
means email will get more and more expensive for people who don't
upgrade their CPUs). The other is that all it proves is that *somebody*
spent those CPU cycles. Spammers already steal resources to send their
messages; what's to stop them from sending out stealth worms that use
the victim's machine to do hashcash calculations?
--
/===========================================================\
|John Stracke |jstracke(_at_)centive(_dot_)com |
|Principal Engineer|http://www.centive.com |
|Centive |My opinions are my own. |
|===========================================================|
|There are footprints on the moon. No feet, just footprints.|
\===========================================================/