From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/45426 Path: main.gmane.org!not-for-mail From: Stainless Steel Rat Newsgroups: gmane.emacs.gnus.general Subject: Re: [ANNOUNCE] contrib/hashcash.el spam fighter Date: Fri, 28 Jun 2002 12:30:45 -0400 Organization: The Happy Fun Ball Brigade Sender: owner-ding@hpc.uh.edu Message-ID: <02Jun28.122222edt.119118@gateway.intersystems.com> References: <02Jun24.115740edt.119250@gateway.intersystems.com> <02Jun24.151839edt.119751@gateway.intersystems.com> <02Jun25.104630edt.119271@gateway.intersystems.com> NNTP-Posting-Host: localhost.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: main.gmane.org 1025282000 28900 127.0.0.1 (28 Jun 2002 16:33:20 GMT) X-Complaints-To: usenet@main.gmane.org NNTP-Posting-Date: Fri, 28 Jun 2002 16:33:20 +0000 (UTC) Return-path: Original-Received: from malifon.math.uh.edu ([129.7.128.13]) by main.gmane.org with esmtp (Exim 3.33 #1 (Debian)) id 17NygR-0007W1-00 for ; Fri, 28 Jun 2002 18:33:20 +0200 Original-Received: from sina.hpc.uh.edu ([129.7.128.10] ident=lists) by malifon.math.uh.edu with esmtp (Exim 3.20 #1) id 17Nyf5-0006aM-00; Fri, 28 Jun 2002 11:31:55 -0500 Original-Received: by sina.hpc.uh.edu (TLB v0.09a (1.20 tibbs 1996/10/09 22:03:07)); Fri, 28 Jun 2002 11:32:15 -0500 (CDT) Original-Received: from sclp3.sclp.com (qmailr@sclp3.sclp.com [209.196.61.66]) by sina.hpc.uh.edu (8.9.3/8.9.3) with SMTP id LAA29565 for ; Fri, 28 Jun 2002 11:32:03 -0500 (CDT) Original-Received: (qmail 15379 invoked by alias); 28 Jun 2002 16:31:38 -0000 Original-Received: (qmail 15374 invoked from network); 28 Jun 2002 16:31:38 -0000 Original-Received: from gateway.intersys.com (HELO intersystems.com) (198.133.74.253) by gnus.org with SMTP; 28 Jun 2002 16:31:38 -0000 Original-Received: by gateway.intersystems.com id <119118>; Fri, 28 Jun 2002 12:22:22 -0400 Original-To: "(ding)" X-Attribution: Rat In-Reply-To: ("Patrick J. LoPresti"'s message of "28 Jun 2002 10:48:48 -0400") Original-Lines: 48 User-Agent: Gnus/5.090006 (Oort Gnus v0.06) XEmacs/21.1 (Cuyahoga Valley, i686-pc-linux) Precedence: list X-Majordomo: 1.94.jlt7 Xref: main.gmane.org gmane.emacs.gnus.general:45426 X-Report-Spam: http://spam.gmane.org/gmane.emacs.gnus.general:45426 * "Patrick J. LoPresti" on Fri, 28 Jun 2002 | The hashed value includes both the recipient's address and the date. | The hash is valid only if the recipient address is correct *and* the | date is recent. "Recent" can be 28 days, 1 week, 1 day, or whatever | you like; it depends on how long you want to allow the coin to be | valid (for the convenience of the sender) versus how long you want to | keep old coins listed in your local database. Okay. That can be problematic if you set it to be too long or too short. It would really suck to have important, legitimate mail tagged as spam because of sending delays. | The sender must include a separate hash for every recipient, whether | CC'd or BCC'd. But how can you, the recipient, know which hash in a BCC hash list is "yours" if there is no disclosure of the recipients list? You can't. But like trying to abuse POP as an IMAP server, if you have a problem trying to use a saw to drive nails then the problem is you, not the saw. If you try to use X-Hashcash as an authentication mechanism then you deserve what you get. | It does not matter if two duplicated coins appear somewhere in the | world; what matters is whether somebody can exploit them. With any | reasonable number of bits, they cannot. One false positive out of a | million messages, or a billion messages, is certainly a ratio I could | tolerate. What about one false positive out of 100 messages? Can you say "denial of service"? X-Hashcash does not scale. | I do not think hashcash will catch on because it is too complex. Hashcash and X-Hashcash are not the same thing. Please do not confuse the two. | But it is technically sound, your half-dozen misinformed messages on the | topic notwithstanding :-). Oh, I am hardly misinformed -now-. I see X-Hashcash for what it is, what it is intended to accomplish, and what some might try to misuse it as. -- Rat \ Ingredients of Happy Fun Ball include an Minion of Nathan - Nathan says Hi! \ unknown glowing substance which fell to PGP Key: at a key server near you! \ Earth, presumably from outer space. That and five bucks will get you a small coffee at Starbucks.