Re: Only accepting e-mail from known parties
- To: [email protected]
- Subject: Re: Only accepting e-mail from known parties
- From: [email protected] (Dr. Dimitri Vulis)
- Date: Mon, 25 Dec 95 17:04:16 EST
- Comments: #include <standard.disclaimer> || echo '+' >$HOME/.rhosts
- In-Reply-To: <[email protected]>
- Organization: Brighton Beach Boardwalk BBS, Forest Hills, N.Y.
- Sender: [email protected]
Adam Shostack <[email protected]> writes:
> It would seem that only accepting signed mail, and caching the
> hash of the signed part would work pretty well, and also not require
Keeping a hash of the signed part sounds like an excellent defense from the
attack of recycled messages. "Your mail blah blah is being returned to you
because it appears to be similar to the e-mail you sent on dd/mm/yy". Cool.
> anything (other than a signature) from the remote end. The cost of a
> spam is the time to generate a new key pair. (You probably need some
> way to add new keys, for people to be able to say 'I'd like to talk to
> you.')
When thinking of a protocol, it's useful to consider what we do in "real
life" to reach an important person: Either ask a common acquaintance to
introduce you, or go through a secretary.
Say, Alice wants to send e-mail to Bob who doesn't accept e-mail from strangers.
Alice may learn that Bob accepts Carol's e-mail, and ask Carol to forward
Alice's e-mail to Bob (with Carol's signature).
An interesting idea would be for Bob (together with other people) to pay some
David to screen their e-mail received from strangers (manually, or with the
help of some programs) and to decide whether to pass it on to Bob or to
discard it. E-mail from known senders goes straight to Bob, and e-mail from
strangers goes to David the screener. Not unlike "real life".
---
Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
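
The filter discussed in this thread, sketched as an added example that is not part of the original message: mail verified under a known key goes to Bob, everything else goes to the screener, and a recycled signed part is bounced with the date it was first seen. HMAC-SHA256 stands in for a public-key signature so the code stays standard-library only; the class, function and key names are hypothetical and the sample messages are constructed.

```python
import hashlib
import hmac

def sign(key: bytes, body: bytes) -> bytes:
    # Stand-in for a public-key signature (e.g. PGP): HMAC-SHA256 keeps the
    # example stdlib-only. A real filter would verify against public keys.
    return hmac.new(key, body, hashlib.sha256).digest()

class Gatekeeper:
    """Bob's filter: known signers -> inbox, strangers -> screener, replays -> bounce."""

    def __init__(self, known_keys):
        self.known_keys = dict(known_keys)  # signer name -> key (constructed names)
        self.seen = {}                      # sha256(signed part) -> date first accepted

    def introduce(self, name, key):
        # "I'd like to talk to you": add a new key once Bob agrees.
        self.known_keys[name] = key

    def deliver(self, signer, body, sig, date):
        key = self.known_keys.get(signer)
        if key is None or not hmac.compare_digest(sign(key, body), sig):
            # Not verifiably from a known party: treat the sender as a stranger.
            return ("screener", None)
        digest = hashlib.sha256(body).hexdigest()
        if digest in self.seen:
            # Recycled message: valid signature, but this signed part was seen before.
            return ("bounce", self.seen[digest])
        # Cache only after verification, so unsigned mail cannot poison the cache
        # and cause a later legitimate message to bounce.
        self.seen[digest] = date
        return ("inbox", None)

def demo():
    carol_key, alice_key = b"carol-demo-key", b"alice-demo-key"  # constructed keys
    bob = Gatekeeper({"carol": carol_key})
    note = b"Lunch on Friday?"
    fwd = b"Fwd from Alice: may I write to Bob?"
    return [
        bob.deliver("carol", note, sign(carol_key, note), "25/12/95"),  # known sender
        bob.deliver("carol", note, sign(carol_key, note), "26/12/95"),  # recycled message
        bob.deliver("alice", fwd, sign(alice_key, fwd), "26/12/95"),    # stranger
        bob.deliver("carol", fwd, sign(carol_key, fwd), "26/12/95"),    # Carol forwards Alice
    ]
```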