technical solutions to spam


mgraffam@idsi.net
Sun, 4 Apr 1999 18:38:12 -0400 (EDT)


I cc'd this to CodherPlunks because I hope that this thread will evolve
into a discussion of implementation of a cryptographic solution to spam.

On Sun, 4 Apr 1999, Adam Back wrote:

> A similar discussion to this took place in relation to hashcash [1]
> ... allow regular correspondents to send messages without stamps.
>
> The list of allows provides profiling info which is bad for privacy,
> and an additional problem is that you really need to keep the list at
> your ISP, otherwise you get to download the unwanted junk.
>
> One way around this is to issue the sender with a non-expiring free
> reply token, which is cryptographically related to a key.
>
> eg. You (or your ISP on your behalf) keeps a key k. A free reply
> token is t = encrypt( sender-email, k ).

> Without the deployment, the technical solution won't work, or will
> cause more disruption than the junk mail to start with.

Agreed. Discussing these matters is important, but ultimately, talk is
not going to kill spam. We are going to need code.. lots of compatible,
interlocking code on a bunch of different platforms.

I like the hashcash idea.

An alternative is the use of PK crypto to give us tokens/stamps for email
exchange.

In either case, we need user-end email clients.

In the first case, with hashcash.. sendmail will need to be modified..
and those mods will need to be smart.. if a user gets an email w/o a
hashcash stamp, we can't just bounce it on day 1 of releasing the code..
SMTP should turn around a message to the sender, letting them know about
hashcash, why it is important, how to set it up, etc.. in an attempt to
get people to use it.. and those mods will need to check recent outgoing
letters of that sort, and prepare to fail if the count of them is
greater than N: we don't want an SMTP war getting set off with
850,000 such letters of evangelism bouncing around because some spammer
decided to light up a particular host with garbage.

Seems to me, though, that hashcash is better suited for stopping spam at
the ISP level, as opposed to tokens which give control to the user.

We need new mail clients.

But how do we get commercial vendors to get on board? We can hack pine
and elm, but that isn't going to cut it.. we need the Windows programs to
play along too.

If we go with tokens, we don't cut down on bandwidth problems directly,
but we do free the users up from the problems of spam. We can create
certificates based around, say, RSA.. and while we are at it, we can
give them privacy. Each certificate has two keys.. a traditional key
for privacy, and a key which is used to create signatures for verifying
message senders.

The average guy probably perceives a greater need for widespread spam
blocking than confidentiality.. so strong crypto can ride in on a
spamblocker's coat-tails, as it were.

Michael J. Graffam (mgraffam@idsi.net)
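
Added example, not part of the original post or of hashcash: a sketch of the inbound check discussed above, combining the quoted free reply token with the capped notices to senders who have no stamp. HMAC-SHA256 stands in for encrypt(sender-email, k); the key, the limit N, the window and the has_stamp flag (the result of a separate hashcash check) are assumptions.

```python
import hashlib
import hmac
import time
from collections import deque

ISP_KEY = b"constructed-demo-key"  # assumption: the key k kept by the ISP
MAX_NOTICES = 3                    # assumption: the post's N
WINDOW_SECONDS = 3600              # assumption: what counts as "recent"


def reply_token(sender_email, key=ISP_KEY):
    """Token bound to one sender address. HMAC-SHA256 is used here in place
    of encrypt(sender-email, k); no list of allowed senders is stored."""
    addr = sender_email.strip().lower().encode()
    return hmac.new(key, addr, hashlib.sha256).hexdigest()


def token_valid(sender_email, token, key=ISP_KEY):
    # Constant-time comparison: the check must not leak how much matched.
    expected = reply_token(sender_email, key).encode()
    return hmac.compare_digest(expected, (token or "").encode())


class InboundPolicy:
    """Decides per message: deliver it, send the explanatory notice, or
    suppress the notice because too many went out recently."""

    def __init__(self, max_notices=MAX_NOTICES, window=WINDOW_SECONDS):
        self.max_notices = max_notices
        self.window = window
        self.sent = deque()  # timestamps of recent notices

    def decide(self, sender, token=None, has_stamp=False, now=None):
        now = time.time() if now is None else now
        if has_stamp or token_valid(sender, token):
            return "deliver"
        # Forget notices that have aged out of the window.
        while self.sent and now - self.sent[0] > self.window:
            self.sent.popleft()
        if len(self.sent) >= self.max_notices:
            # Cap reached: stay silent so forged senders cannot turn this
            # host into a source of bounce traffic. What happens to the
            # message itself is left to local policy.
            return "suppress"
        self.sent.append(now)
        return "notify"
```

The token is verified from the key alone, so the ISP keeps no record of who corresponds with whom.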



The following archive was created by hippie-mail 7.98617-22 on Thu May 27 1999 - 23:44:20