From: Stainless Steel Rat <ratinox@peorth.gweep.net>
Subject: Re: [ANNOUNCE] contrib/hashcash.el spam fighter
Date: Fri, 28 Jun 2002 12:30:45 -0400 [thread overview]
Message-ID: <02Jun28.122222edt.119118@gateway.intersystems.com> (raw)
In-Reply-To: <s5gvg834fxr.fsf@egghead.curl.com> ("Patrick J. LoPresti"'s message of "28 Jun 2002 10:48:48 -0400")
* "Patrick J. LoPresti" <patl@curl.com> on Fri, 28 Jun 2002
| The hashed value includes both the recipient's address and the date.
| The hash is valid only if the recipient address is correct *and* the
| date is recent. "Recent" can be 28 days, 1 week, 1 day, or whatever
| you like; it depends on how long you want to allow the coin to be
| valid (for the convenience of the sender) versus how long you want to
| keep old coins listed in your local database.
Okay. That can be problematic if you set it to be too long or too short.
It would really suck to have important, legitimate mail tagged as spam
because of sending delays.
| The sender must include a separate hash for every recipient, whether
| CC'd or BCC'd.
But how can you, the recipient, know which hash in a BCC hash list is
"yours" if there is no disclosure of the recipients list? You can't. But
like trying to abuse POP as an IMAP server, if you have a problem trying to
use a saw to drive nails then the problem is you, not the saw. If you try
to use X-Hashcash as an authentication mechanism then you deserve what you
get.
| It does not matter if two duplicated coins appear somewhere in the
| world; what matters is whether somebody can exploit them. With any
| reasonable number of bits, they cannot. One false positive out of a
| million messages, or a billion messages, is certainly a ratio I could
| tolerate.
What about one false positive out of 100 messages? Can you say "denial of
service"? X-Hashcash does not scale.
| I do not think hashcash will catch on because it is too complex.
Hashcash and X-Hashcash are not the same thing. Please do not confuse the
two.
| But it is technically sound, your half-dozen misinformed messages on the
| topic notwithstanding :-).
Oh, I am hardly misinformed -now-. I see X-Hashcash for what it is, what
it is intended to accomplish, and what some might try to misuse it as.
--
Rat <ratinox@peorth.gweep.net> \ Ingredients of Happy Fun Ball include an
Minion of Nathan - Nathan says Hi! \ unknown glowing substance which fell to
PGP Key: at a key server near you! \ Earth, presumably from outer space.
That and five bucks will get you a small coffee at Starbucks.
next prev parent reply other threads:[~2002-06-28 16:30 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-06-22 12:55 Simon Josefsson
2002-06-23 2:40 ` David Masterson
2002-06-23 4:39 ` Stainless Steel Rat
2002-06-23 5:12 ` David Masterson
2002-06-23 13:50 ` Stainless Steel Rat
2002-06-23 14:36 ` Simon Josefsson
2002-06-23 15:20 ` Stainless Steel Rat
2002-06-23 17:59 ` Simon Josefsson
2002-06-23 21:34 ` Stainless Steel Rat
2002-06-24 5:41 ` David Masterson
2002-06-24 8:20 ` Kai Großjohann
2002-06-24 12:06 ` Simon Josefsson
2002-06-24 16:05 ` Stainless Steel Rat
2002-06-24 16:41 ` Simon Josefsson
2002-06-24 19:26 ` Stainless Steel Rat
2002-06-24 21:14 ` Simon Josefsson
2002-06-25 1:55 ` Stainless Steel Rat
2002-06-25 2:15 ` Stainless Steel Rat
2002-06-25 8:56 ` Simon Josefsson
2002-06-25 14:54 ` Stainless Steel Rat
[not found] ` <mit.lcs.mail.ding/02Jun25.104630edt.119271@gateway.intersystems.com>
2002-06-28 14:48 ` Patrick J. LoPresti
2002-06-28 16:30 ` Stainless Steel Rat [this message]
[not found] ` <mit.lcs.mail.ding/02Jun28.122222edt.119118@gateway.intersystems.com>
2002-06-28 20:25 ` Patrick J. LoPresti
2002-06-28 21:30 ` Stainless Steel Rat
2002-06-28 23:03 ` Simon Josefsson
2002-06-29 0:41 ` Stainless Steel Rat
2002-06-29 11:46 ` Simon Josefsson
2002-06-29 13:56 ` Stainless Steel Rat
[not found] ` <m2u1nmti0u.fsf@tnuctip.rychter.com>
2002-06-29 14:05 ` Stainless Steel Rat
[not found] ` <mit.lcs.mail.ding/m3bs9uxjsh.fsf@peorth.gweep.net>
2002-06-30 0:20 ` Patrick J. LoPresti
2002-06-30 7:23 ` Stainless Steel Rat
[not found] ` <mit.lcs.mail.ding/02Jun28.172137edt.119392@gateway.intersystems.com>
2002-06-30 0:07 ` Patrick J. LoPresti
2002-06-30 7:48 ` Stainless Steel Rat
2002-07-01 6:37 ` Steinar Bang
2002-07-01 15:20 ` Stainless Steel Rat
2002-07-01 17:22 ` Steinar Bang
2002-07-01 18:37 ` Stainless Steel Rat
2002-07-02 10:43 ` Steinar Bang
2002-07-02 15:33 ` Stainless Steel Rat
2002-07-02 18:23 ` Simon Josefsson
2002-07-02 18:28 ` Karl Kleinpaste
2002-07-02 18:50 ` Simon Josefsson
2002-07-05 22:14 ` Kevin Ryde
2002-07-06 11:11 ` Henrik Enberg
2002-07-07 18:40 ` Simon Josefsson
2002-07-02 18:57 ` Steinar Bang
2002-07-02 21:09 ` Stainless Steel Rat
2002-07-03 11:45 ` Steinar Bang
2002-07-03 12:35 ` Oystein Viggen
2002-07-03 14:49 ` Stainless Steel Rat
2002-06-25 6:57 ` undo mail catchup w .snapshot .[mumble]rc ? Yeoh Yiu
2002-06-26 19:33 ` Paul Jarc
2002-06-28 4:51 ` Yeoh Yiu
2002-06-23 14:36 ` [ANNOUNCE] contrib/hashcash.el spam fighter Mark Milhollan
2002-06-23 10:54 ` Simon Josefsson
2002-06-24 18:22 ` Jason R. Mastaler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=02Jun28.122222edt.119118@gateway.intersystems.com \
--to=ratinox@peorth.gweep.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).