[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Asrg] My take on e-postage

It's a lot more than that that the stamp vendor needs to keep track
of.  The first thing that comes to mind is that recipients need a
way to check that a stamp hasn't already been used



Not necessary, if the stamp cryptographically includes both the
sender and recipient addresses.



Then the recipient needs a way to check the crypto signature - and even
then, you have to figure out a way that stamps can't get reused with
forged sender addresses.  (That is, X sends mail to Y, with a valid
stamp <X,Y>.  Spammer gets hold of a copy (through any of many possible
means) and sends mail with that stamp, to Y, forging X's address as the
sender.)




But the recipient Y will be able to tell if he's seen the same stamp 
twice.  That's trivial to deal with, especially since most modern MUAs 
(well, Eudora and Apple Mail, anyway) index their mail archive already 
by default.



As for verifying crypto signatures, the public key from the vendor is 
needed for that, since the vendor issued the stamp.  This is, broadly 
speaking, a one-time operation, which happens after the sender vendor's 
trustworthiness has been looked up.  It's also an operation that could 
potentially be offloaded on the recipient's vendor, since the recipient 
is probably going to send the stamp there for reimbursement anyway.




Another solution is to use a proof-of-work stamp,





There really is no such thing.  Hashcash is not something that can
be attached to a message; it requires an interactive protocol.
(There may be some way to do proof-of-work in an open-loop form, but
I haven't seen it yet.)





Why is this?



Why?  Simply because all the hashcash protocols I've seen outlined, or
that I've thought of, involve some kind of challenge by the recipient
which must be answered by the "payer".  A simple example might be "find
a data blob whose SHA-1 hash has these 20 bits set to these values".

As I said, I don't know whether this is an inherent property of
hashcash (by which I really mean "proof-of-work", even though,
strictly, hashcash is but one form of p-o-w) or whether it's just an
artifact of the hashcash schemes I am aware of.  But until someone
shows me one which doesn't have that property, I have to operate under
the assumption that no such thing exists.




Ah, I see what you're missing.  What you need is more like "find a data 
blob Y, which is different from this challenge X, where both X and Y 
have the same first N bits in their SHA-1 hash".  The challenge can 
then be arranged so that it contains various pieces of information 
about the mail itself, such as the sender, recipient, creation date and 
time, and possibly part of the content and/or some of the other header 
fields.



This way, the sender and the recipient can both figure out what the 
challenge should be (except for the number of bits, but a sensible 
default can be assumed), and the sender can then, with reasonable 
confidence about validity, attach the hashcash stamp to the mail.  If 
the sender has previously conversed with this recipient, it will also 
have a priori knowledge of N, improving efficiency.



--------------------------------------------------------------

from:     Jonathan "Chromatix" Morton

mail:     chromi@chromatix.demon.co.uk

website:  http://www.chromatix.uklinux.net/

tagline:  The key to knowledge is not to rely on people to teach you it.





_______________________________________________

Asrg mailing list

Asrg@ietf.org

https://www1.ietf.org/mailman/listinfo/asrg