----- Original Message ----- From: "Steven M. Bellovin" <[EMAIL PROTECTED]> To: "Ian Grigg" <[EMAIL PROTECTED]> Cc: "Graeme Burnett" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Tuesday, May 11, 2004 11:36 AM Subject: Re: The future of security
> In message <[EMAIL PROTECTED]>, Ian Grigg writes: > > Security architects > >will continue to do most of their work with > >little or no crypto. > > And rightly so, since most security problems have nothing to do with > the absence of crypto. > > > >j. a cryptographic solution for spam and > >viruses won't be found. > > This ties into the same thing: spam is *unwanted* email, but it's not > *unauthorized*. Crypto can help with the latter, but only if you can > define who is in the authorized set of senders. That's not feasible > for most people. Something like hashcash / client puzzles / Penny Black define a set of authorized email (emails that come with a proof-of-work), and then provide a cryptographic solution. This is not a full-proof solution (as described in the paper Proof-of-Work Proves Not to Work), but a good partial solution that is probably best used in combination with other techniques such as white-lists, Bayesian spam filters , etc... I think cryptography techniques can provide a partial solution to spam. --Anton --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
