
Re: hashcash spam prevention & firewalls




At 06:53 PM 12/13/97 -0600, Uhh...this is Joe [Randall Farmer] wrote:
>This is exactly what I was addressing: remailers only have to get themselves
>certified as remailers and then prove their certification to the destination
>server, not do the whole hashcash shtick for every message. (For example, they
>could publish their public key's hash signed by some anti-spam organization,
>then sign the hash of the server's challenge to prove that they are a real
>remailer, not an advanced spammer imitating one) 

I find this concept to have problems.  I don't know how many there are, but
with 4,000+ US ISPs, all of the schools, corporations, etc, there must be
at least 50,000 mailhosts that would have to accept authentication.  This
whitelist concept, that if I am "good" I get approved and certified smacks
of things which I generally oppose.  And who keeps the whitelist?  CAUCE?
Verisign?  Time Magazine?  The NSA? Microsoft?

How much would it cost for each of the 50K mail hosts to become certified?
This is an administrative nightmare.  The current alternative to this
certification list is the configuration files such as domains.banned,
user.banned, etc.

Currently remailers can send mail most anywhere.  I suspect that if
remailers had to get certified (say a RASCi rating of "remailer") most mail
hosts would begin denying mail from remailers.  I don't believe that mail
servers need to be certified.



  -- Robert Costner                  Phone: (770) 512-8746
     Electronic Frontiers Georgia    mailto:[email protected]  
     http://www.efga.org/            run PGP 5.0 for my public key
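
The certification scheme from the quoted message (a certifier signs the hash of the remailer's public key, and the remailer signs the hash of the server's challenge), sketched as an added example that is not code from either poster. Ed25519, SHA-256, the `Cert` layout and all function names are assumptions of this sketch.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Cert (hypothetical): certifier's signature over SHA-256(remailer public key).
type Cert struct {
	RemailerKey ed25519.PublicKey
	AuthSig     []byte
}

// NewKey generates an Ed25519 key pair (the algorithm is this example's choice).
func NewKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return pub, priv
}

// Certify is run once by the certifying organization.
func Certify(authPriv ed25519.PrivateKey, remailerPub ed25519.PublicKey) Cert {
	h := sha256.Sum256(remailerPub)
	return Cert{RemailerKey: remailerPub, AuthSig: ed25519.Sign(authPriv, h[:])}
}

// Respond is run by the remailer: sign the hash of the server's challenge.
func Respond(remailerPriv ed25519.PrivateKey, challenge []byte) []byte {
	h := sha256.Sum256(challenge)
	return ed25519.Sign(remailerPriv, h[:])
}

// Verify is run by the destination server against the one certifier it trusts.
func Verify(authPub ed25519.PublicKey, c Cert, challenge, resp []byte) bool {
	if len(c.RemailerKey) != ed25519.PublicKeySize {
		return false
	}
	kh, ch := sha256.Sum256(c.RemailerKey), sha256.Sum256(challenge)
	return ed25519.Verify(authPub, kh[:], c.AuthSig) && // key was certified
		ed25519.Verify(c.RemailerKey, ch[:], resp) // sender holds that key
}

func main() {
	authPub, authPriv := NewKey()
	remPub, remPriv := NewKey()
	challenge := make([]byte, 32)
	rand.Read(challenge) // fresh per connection, so old responses cannot be replayed
	cert := Certify(authPriv, remPub)
	fmt.Println("accepted:", Verify(authPub, cert, challenge, Respond(remPriv, challenge)))
}
```

Every destination server has to hold `authPub` for whichever certifier it trusts, which is the whitelist-keeper question the reply raises.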