
message dependent hashcash => no double spend database (Re: hashcash spam prevention & firewalls)





Robert Costner <[email protected]> writes:
> Does the same hashcash that allows a message to enter the remailer network
> also retain its validity once the message has been rewritten by the
> remailer?  Is this hashcash still valid for the destination mail server at
> netcom?  Does the initial sender provide two instances of hashcash, one to
> get into the remailer, and one to get into the destination mail system?

The latter.  The originator provides all postage for one way
remailers.

Nym reply block postage needs other mechanisms as described in a
previous post.

> Various remailers can distort a message in a variety of ways.  Dropping of
> MIME attachments, munging of email addresses when CC'ed to a newsgroup,
> adding a PGP signature or timestamp, adding headers that explain it's a
> remailer, adding footers that explain it's a remailer.  Since the actual
> message can change, it seems that for hashcash to be message dependent, it
> would have to be generated by the exit remailer.

Making the hashcash message dependent is interesting in that it
removes the need for a double spending database, because apart from a
DoS attack it is not interesting to the spammer to send you multiple
copies of the same mail, and in previous discussions someone suggested
it for this reason.

However, generally I have been assuming that it's easier to have a
double spend database, and to make the hashcash depend only on the
resource name for the kinds of problems you raise, and because it is
cheaper to verify hashcash on shorter strings.  By resource name I
mean whatever it is that is being used.  For an email address it is
the email address, for a remailer it is the remailer's address.  Could
be generalised for other purposes, for example free use of web based
resources or even telnet based TCP/IP protocols in general.

Adam
-- 
Now officially an EAR violation...
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
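
The two designs compared in this message, as an added example that is not part of the original post and is not the hashcash implementation. Stamps here are SHA-256 partial preimages at a constructed 16-bit difficulty; the stamp layout, the addresses and the function and class names are assumptions made for the illustration.

```python
import hashlib
from itertools import count

BITS = 16  # constructed, low difficulty so the demo mints in well under a second

def zero_bits(data: bytes) -> int:
    """Leading zero bits of SHA-256(data)."""
    return 256 - int.from_bytes(hashlib.sha256(data).digest(), "big").bit_length()

def valid(bound_to: bytes, nonce: int) -> bool:
    return zero_bits(bound_to + b":" + str(nonce).encode()) >= BITS

def mint(bound_to: bytes) -> int:
    """Sender's work: search for a nonce that makes the stamp valid."""
    return next(n for n in count() if valid(bound_to, n))

def message_binding(resource: bytes, message: bytes) -> bytes:
    """Assumed binding: resource name plus a digest of the exact message bytes."""
    return resource + b"|" + hashlib.sha256(message).hexdigest().encode()

class ResourceVerifier:
    """Stamp depends only on the resource name, so spent stamps must be remembered."""
    def __init__(self, resource: bytes):
        self.resource, self.spent = resource, set()

    def accept(self, nonce: int, message: bytes) -> bool:
        if nonce in self.spent or not valid(self.resource, nonce):
            return False
        self.spent.add(nonce)  # the double spend database
        return True

class MessageVerifier:
    """Stamp depends on the message, so the verifier keeps no state."""
    def __init__(self, resource: bytes):
        self.resource = resource

    def accept(self, nonce: int, message: bytes) -> bool:
        return valid(message_binding(self.resource, message), nonce)

if __name__ == "__main__":
    rcpt = b"recipient@example.org"              # constructed resource name
    mail = b"Subject: hi\n\nlunch?\n"            # constructed message
    rewritten = mail + b"-- sent via remailer\n" # constructed remailer footer
    rv, mv = ResourceVerifier(rcpt), MessageVerifier(rcpt)
    r, m = mint(rcpt), mint(message_binding(rcpt, mail))
    print(rv.accept(r, mail), rv.accept(r, b"other mail"))  # reuse is stopped by the database
    print(mv.accept(m, mail), mv.accept(m, mail))           # replay only delivers a duplicate
    print(mv.accept(m, rewritten), valid(rcpt, r))          # a rewrite breaks only the message stamp
```
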