ietf
[Top] [All Lists]

Re: Engineering to deal with the social problem of spam

2003-06-09 02:55:50
i think that we could write [hashcash] up as open source and widely
distribute it and publicize the hell out of it for the rest of our
careers without ever having it become common practice to
reject-with-explaination all e-mail that comes from unauthorized
senders.  therefore it can become, at best, a system that radical and
highly technical recipients can use.  we've got a number of those
already.  (this one sounds new and better.)

In order for this to work, the request for the Hashcalc calculation
has to be done automatically.  If it requires manual intervention
where the user sees the reject notice and then has to manually take
action --- of course, it's doomed to fail.  So this is something which
would require modification to the MTA's in order for this to work.

ah.  then the right way to think about this is "an option for trust" where
one way to "feel the trust" is to know that someone else has performed the
hashcash ritual on your behalf.  this is workable.

The easist way to automate such a scheme would be in the context of
your "replace SMTP" proposal; it's just a matter of using bare keys +
hashcash-style solution, instead of requiring a global PKI.

hashcash-style solutions are prone to computational cost diversity problems,
such that someone you want to exchange e-mail with might still have a 2GHz
32-bit CPU even though 90GHz 64-bit CPU's are what's being sold at that time.
a requirement that someone do some work that takes 1 CPU minute on the fast
(future) CPU's will tend to "lock out" owners of older (current) CPU's.  a
requirement that would only take one CPU minute of time for an older (current)
CPU would "allow in" any spammer who wanted to buy (lots of) modern hardware.

but more germane to the problem at hand is the fact that the community Will
Not Move To A New Protocol if all it offers is hashcash, with or without the
computational cost diversity problems, with or without other problems.  my
children are relatively wise in the ways of the world but the age at which i
want them to have ibcs(*) access is lower than the age at which i'd be
comfortable letting anyone with hashcash in their pocket send us traffic.  so
while hashcash might be a form of trust for some, it wouldn't be one here.
-- 
Paul Vixie

(*) "ibcs" == interpersonal batch communication system, which is my generic
term for "whatever will follow 821/822 email".



<Prev in Thread] Current Thread [Next in Thread>