[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Asrg] 3. Proof-of-work analysis

I'm in the Security Group of the Computer Laboratory at the University
of Cambridge. Ben Laurie (yes, that Ben Laurie) and I have recently
been doing some sums on proof-of-work / client puzzles / hashcash
methods of imposing economic constraints upon the sending of spam...

Ben wanted to know how big a proof was needed for a practical scheme
he was considering -- and I told him it wasn't going to work. We then
carefully worked through all the calculations, using the best data
that we could obtain -- and we did indeed come to the conclusion that
proof-of-work is not a viable proposal :(
That's a very interesting paper, thank you. I wonder, however, what the distribution curves are like when "regular correspondents" are exempted from proof-of-work, not just mailing lists. Would it be possible to re-examine the MTA logs for this type of pattern?

By "regular correspondents" I mean people who know each other well enough to send mail regularly, not necessarily frequently - even once a week over a period of months. I ask this because I expect that users with slow machines - who would otherwise be the group most inconvenienced by proof-of-work schemes - send mail that mostly falls into this category. I don't know, however, how much of the overall picture is accounted for by these.

For future work, it might be instructive to identify various non-spam use-cases which appear to have a high proof-of-work load - ie. on the "long tail" of the distribution curves presented - and consider practical ways of relieving or accommodating it.

--------------------------------------------------------------
from: Jonathan "Chromatix" Morton
mail: chromi@chromatix.demon.co.uk
website: http://www.chromatix.uklinux.net/
tagline: The key to knowledge is not to rely on people to teach you it.


_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg