
Re: [Asrg] Please critique my anti-spam system



On 2005-01-09 15:52:57 +1000, Laird Breyer wrote:
> On Jan 08 2005, Michael Kaplan wrote:
> > > Wouldn't the newsletter operator first have to obtain the specific
> > > sub-address from each receiver (assuming your system is widely deployed)
> > > at least once?
> > 
> > The address is provided by the recipient when they sign up for the newsletter,
> > just like what is done now.
> 
> You mean the sub-address? How many unique sub-addresses do you expect people
> to carry in their heads, or do you expect each person to carry around
> a sub-address generator everywhere, for such occasions? 

How often do you subscribe to newsletters while away from your computer
(or any computer with internet access)?

If I was using Michael's system I'd probably carry a list of a dozen
pregenerated sub-addresses in my wallet and expect that to last a few
years (Well, actually I'd use the same list to give valid subaddresses
to individuals during face-to-face meetings, so it would be depleted a
lot faster).

> > > Also, there are privacy implications in outsourcing the processing of
> > > sensitive email messages to cheap third parties?
> > 
> > Outsource the CAPTCHA, not the entire message.
> > 
> 
> The CAPTCHA contains the key to generating the required sub-address. That's
> all that is needed. 

No, not necessarily. Although Michael's example presents the CAPTCHA
together with the invariant parts of the mail address, this isn't
necessarily the case. It would be possible to separate them in such a
way that the recipient could keep the invariant parts secret and pass
only the puzzle to the outsourcing company. So the outsourcing company
would know that the solution of the puzzle is "LUCKY", but they don't
know that the full address is <JOE.LUCKY at DOMAIN.COM>. Of course they
could try all combinations of addresses and solutions, but that would be
extremely expensive if the system is deployed widely (if it isn't, they
won't bother).

> There's also the fact that list messages (such as your own to this
> list) often arrive twice, once through the list and once directly.  If
> I used your system, I would be sending you a CAPTCHA bounce which
> would be clogging your inbox.

No, you wouldn't, unless you had the subaddress already disabled, in
which case you wouldn't receive mails from the mailing list either
(unless you explicitly whitelisted the mailing list).

	hp

-- 
   _  | Peter J. Holzer    | The farther north, the less is spoken at
|_|_) | Sysadmin WSR       | all, and so no dialect either. Hallig
| |   | hjp at hjp.at         | Gröde is almost entirely dialect-free.
__/   | http://www.hjp.at/ |   -- Hannes Petersen in desd


_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg