On Thursday 29 May 2003 17:51, Iljitsch van Beijnum wrote:
I> However, creating new public/private key pairs is an
I> incredibly expensive operation, and one that a legitimate
I> email wouldn't have to do very often, but a spammer would
I> if we just keep blacklisting their keys.

I was only responding to the part about encrypting the message's hash
with the recipient's public key. Nobody needs to generate any keys,
except those who want to be behind this sort of gatekeeping function.
Requiring that all email be signed with a private key is another story,
which has been (ahem) hashed over many times.

BTW, I also thought of a way you can make the computational costs much
harder for spammers. This unfortunately also affects legitimate bulk
mailers, but they can be whitelisted. However, it keeps the costs
roughly the same for most ordinary (one-to-one) senders. The trick is
to require that the hash include the recipient address, not just the
message body. That way, not only must the hash be re-encrypted per
recipient, but re*calculated*. Even worse, you can insist that the
address be *first*, so they can't just save the results of hashing the
message and start from there for each victim. Sorry if this has been
brought up already; I've only been lurking a few days and haven't delved
THAT deeply into the archives.... B-)
--
David J. Aronson, Unemployed Software Engineer near Washington DC
See http://destined.to/program/ for online resume, and other info
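
An added illustration of the ordering argument in the message above (not code from the thread or its participants): it counts the bytes a bulk sender must hash when the recipient address comes last versus first. SHA-256, the newline separator, and all function names are assumptions; the addresses and body are constructed.

```python
import hashlib
import hmac

# Constructed sample data (not from the thread).
BODY = b"x" * 10_000
RECIPIENTS = [b"a@example.org", b"b@example.org", b"c@example.org"]

def stamp_address_first(recipient: bytes, body: bytes) -> str:
    """Ordering proposed in the message: hash(recipient || body)."""
    return hashlib.sha256(recipient + b"\n" + body).hexdigest()

def stamp_address_last(recipient: bytes, body: bytes) -> str:
    """Weaker ordering for comparison: hash(body || recipient)."""
    return hashlib.sha256(body + b"\n" + recipient).hexdigest()

def bulk_address_last(recipients, body):
    """Address last: the body is a shared prefix, so its hash state can be
    computed once and cloned per recipient. Returns (stamps, bytes_hashed)."""
    base = hashlib.sha256(body + b"\n")
    hashed = len(body) + 1
    stamps = {}
    for rcpt in recipients:
        h = base.copy()          # reuse the saved state of the body hash
        h.update(rcpt)
        hashed += len(rcpt)
        stamps[rcpt] = h.hexdigest()
    return stamps, hashed

def bulk_address_first(recipients, body):
    """Address first: every input starts differently, so there is no shared
    prefix state and the whole body is re-hashed for each recipient."""
    stamps = {}
    hashed = 0
    for rcpt in recipients:
        h = hashlib.sha256(rcpt + b"\n")
        h.update(body)
        hashed += len(rcpt) + 1 + len(body)
        stamps[rcpt] = h.hexdigest()
    return stamps, hashed

def verify(recipient: bytes, body: bytes, stamp: str) -> bool:
    """Receiver side: a single hash over its own address and the body."""
    return hmac.compare_digest(stamp_address_first(recipient, body), stamp)

if __name__ == "__main__":
    print("address last :", bulk_address_last(RECIPIENTS, BODY)[1], "bytes hashed")
    print("address first:", bulk_address_first(RECIPIENTS, BODY)[1], "bytes hashed")
```

The one-to-one sender and the receiver each hash the message once in either ordering; only the per-recipient cost of a bulk run changes.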