From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/45427 Path: main.gmane.org!not-for-mail From: "Patrick J. LoPresti" Newsgroups: gmane.emacs.gnus.general Subject: Re: [ANNOUNCE] contrib/hashcash.el spam fighter Date: 28 Jun 2002 16:25:49 -0400 Sender: owner-ding@hpc.uh.edu Message-ID: References: <02Jun24.115740edt.119250@gateway.intersystems.com> <02Jun24.151839edt.119751@gateway.intersystems.com> <02Jun25.104630edt.119271@gateway.intersystems.com> <02Jun28.122222edt.119118@gateway.intersystems.com> NNTP-Posting-Host: localhost.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: main.gmane.org 1025296073 28478 127.0.0.1 (28 Jun 2002 20:27:53 GMT) X-Complaints-To: usenet@main.gmane.org NNTP-Posting-Date: Fri, 28 Jun 2002 20:27:53 +0000 (UTC) Return-path: Original-Received: from malifon.math.uh.edu ([129.7.128.13]) by main.gmane.org with esmtp (Exim 3.33 #1 (Debian)) id 17O2LR-0007PD-00 for ; Fri, 28 Jun 2002 22:27:53 +0200 Original-Received: from sina.hpc.uh.edu ([129.7.128.10] ident=lists) by malifon.math.uh.edu with esmtp (Exim 3.20 #1) id 17O2KK-0007DT-00; Fri, 28 Jun 2002 15:26:44 -0500 Original-Received: by sina.hpc.uh.edu (TLB v0.09a (1.20 tibbs 1996/10/09 22:03:07)); Fri, 28 Jun 2002 15:27:04 -0500 (CDT) Original-Received: from sclp3.sclp.com (qmailr@sclp3.sclp.com [209.196.61.66]) by sina.hpc.uh.edu (8.9.3/8.9.3) with SMTP id PAA29892 for ; Fri, 28 Jun 2002 15:26:54 -0500 (CDT) Original-Received: (qmail 23232 invoked by alias); 28 Jun 2002 20:26:19 -0000 Original-Received: (qmail 23227 invoked from network); 28 Jun 2002 20:26:19 -0000 Original-Received: from lockupnat.curl.com (HELO egghead.curl.com) (216.230.83.254) by gnus.org with SMTP; 28 Jun 2002 20:26:19 -0000 Original-Received: (qmail 23241 invoked by uid 10171); 28 Jun 2002 16:25:49 -0400 Original-To: ding@gnus.org In-Reply-To: Original-Lines: 42 User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7 Precedence: list X-Majordomo: 1.94.jlt7 Xref: main.gmane.org gmane.emacs.gnus.general:45427 X-Report-Spam: http://spam.gmane.org/gmane.emacs.gnus.general:45427 Stainless Steel Rat writes: > | The sender must include a separate hash for every recipient, whether > | CC'd or BCC'd. > > But how can you, the recipient, know which hash in a BCC hash list is > "yours" if there is no disclosure of the recipients list? You > can't. Right, so you have to try them all. Checking the validity of a coin is "fast", so this is OK, in theory. You also need to try every address which the sender might have used to BCC you, which assumes you know all of them... I suppose there might be some hints in the Received headers to speed all this up, but yeah, it is not pretty. Then again, it is not disastrous if you miss a message. It will be a long time (ha ha) before everybody is using X-Hashcash, so you will occasionally have to sift through the rejects folder to find some legitimate messages anyway. > What about one false positive out of 100 messages? Can you say "denial of > service"? X-Hashcash does not scale. Well, you get to decide how many bits you require the sender to match, so you can make it one out of however many you like. Or am I misunderstanding what you mean? > Hashcash and X-Hashcash are not the same thing. Please do not > confuse the two. Yup; I apologize. I think X-hashcash is a creative attempt at a technological solution to spam. And for some applications, like a public mailing list, it might even be practical. Who cares whether you can BCC ding@gnus.org, for instance? It seems unlikely to catch on as a user-to-user filtering scheme; digital signatures are probably a better approach for that. - Pat