Re: [Asrg] About that e-postage draft [POSTAGE]

[Steve Atkins <steve at blighty.com>]

On Feb 16, 2009, at 12:07 PM, Benjamin April wrote:

> Steve Atkins wrote:
> > If it's simply hashed then anyone can create them. That means it's
> > possible to send a large number
> > of messages using stamps that look entirely plausible prior to them
> > being looked up at the central
> > broker. There are obvious reasons why people would do this.
> KISS, A simple back-off solves this. After your third bogus token my  
> MTA
> won't accept a postage-due e-mail for 1 minute from your MTA. IMO
> something like this should be done regardless of weather the token has
> any encoded meaning. (insert your own values)

OK. I have 100,000 MTAs. Now what are you going to do?

> > So, the next step is to use some crypto such that it's possible for
> > anyone to validate that the stamp
> > may be plausible for the recipient, but not for anyone to generate  
> > it.
> > Maybe you use public key
> > signatures - presumably with the private key held solely by the bank.
> My main concern here is that allowing the receiving MTA to validate  
> the
> token offers a false sense of authority. We now know it is far easier
> than originally expected to create a "fake" signing cert. While some
> will argue that using appropriately modern hashing etc will mitigate
> that, I say it only delays the inevitable.

Yup.

> On the other had the only known valid attack against a truly random  
> (and
> secret) opaque token is brute-force.  We have plenty of history to  
> look
> at for reducing the effectiveness of this kind of attack.

Well, no. There are many, many other types of attack against a system
that uses opaque cookies.

But the two obvious choices are either something involving cryptographic
authentication or an opaque cookie. They're different enough that
they should probably be considered separately, if at all.

> > But that means that stamps are not interchangeable. You can't buy  
> > them
> > or generate them in
> > advance, or at least not in bulk, in advance. Instead you have to
> > purchase them (from one of a
> > small number of "banks") at the time you send the mail as well as
> > redeem them (from that very
> > same bank) later.
> I see this as a big issue.  I would find having to go to the post  
> office
> every time I needed a stamp insane. By using opaque tokens you could  
> buy
> a selection of tokens in advance and dispense them on demand.

Yes. (Or, with some limits, reuse them, but that's a different aspect).

> > (Given that the sending machine has to contact a central server and
> > the receiving machine
> > also has to contact the same central server during the transmission  
> > of
> > the message there are a lot
> > of other things you could do with it that are simpler than epostage).
> In the opaque token model I do not see this as a required state.  You
> would be able to pre-buy tokens and only the recipient would have to
> have ongoing connection with the "BANK". Maybe some banks will offer
> discounted fees to MTAs who provide advance notice before placing a  
> big
> order for tokens.

My statement was in the context of epostage stamps which are purchased
for a specific recipient. Obviously if that's not the case you can buy
stamps in bulk (or reuse stamps you receive) rather than having to
buy them specifically for each recipient.

Cheers,
  Steve