On Thursday 25 September 2003 11:41, pineapple wrote:

This was getting a bit off topic, but I think the RSA key idea below is potentially relevant to some future applications in Freenet.

> > > I don't think blacklists, even
> > > on freenet is the right answer.
> >
> > Agreed.
> >
> > > The solution to spam
> > > is to move from the current push technology to
> > > pull technology.
> >
> > I disagree. Hugely inefficient. Polling is not the
> > way forward, when it can be avoided.
>
> Really? Seems to work just fine for the World Wide
> Web.

Completely different application. Are you going to poll the send queue of everyone in the world to see if they are sending you email? I think not.

> What's really inefficient is all this SPAM
> flooding mail networks.

Provided you can drop the SMTP connection before the actual data transfer begins, or at least before the bulk of the message is received, you are not actually receiving 99% of the payload. And that is in most cases good enough.

> To help out, mail servers
> will still play a role by aggregating their users'
> whitelisted domains to be polled.

The problem with a fully white-list approach is that your pool of "friends" is not expandable. There is a middle-ground.

> Honestly I think
> that polling is probably the only workable solution
> even though it's inefficient.

Its overheads would be more than those of spam. When spam hits 99% of the email floating around (on average), then this may become viable. But not until then.

> The alternative is
> identifying the originator of any email and punishing
> those who abuse it, a solution I find totally
> unacceptable.

No, just make it expensive in terms of resources to send email, or something inherent in sending email.

Switch to using only PGP encrypted email. Everybody has a 10760-bit key (10753-bit asymmetric is equivalent to 256-bit symmetric keys in strength, last time I checked - which was, admittedly, nearly a year ago). Such a key, even with today's computers, takes the better part of a day to generate.

Keep a black-list of keys. That makes the key pair valuable, and each email can carry a header with the public key.

You might be able to send 1, 10, 100, maybe even 1000 spams before a key gets black listed in an RBL. Once that happens, nobody will accept emails signed with that key, and you have to spend the next 10 hours generating a new key pair. If a spammer is limited to 1000 messages every 10 hours, their entire economic model becomes unworkable.

As the computers get faster, keep upping the key size and update the protocol. A legitimate user should not have a problem with leaving their computer on overnight to generate a new key pair once every few years, but a spammer would need truly extreme CPU resources to actually manage to flood the network with spam.

On top of that, mail spools could be cleaned based on black lists, so even things that have been delivered (but not yet read) could be deleted post-delivery if the key is blacklisted (unless it is already specifically white-listed by the receiving user).

The attack of forging the public key can be overcome using a mutual cross-signing hand-shake.

All we need now is for somebody to volunteer to implement something like this over Freenet. ;-)

Note that the strength of encryption is not directly relevant here. If you really need more than 128-bit strength (or equivalent), then frankly, I'd much rather not know what it is that is being hidden. This is not about paranoia - the important part is that the public/private key pair would have to take a very long time to generate, to make it way too expensive for spammers, while keeping it acceptable for legitimate users.

> I have the feeling the list manager is
> probably frowning on this off-topic thread. Maybe we
> could move it to chat?

I'm not on chat, unfortunately.

Gordan

_______________________________________________
Devl mailing list
[EMAIL PROTECTED]
http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/devl
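
The receiving-side policy described in the message above (refuse mail signed with a blacklisted key, and purge delivered-but-unread mail once a key is blacklisted unless the user has whitelisted it), sketched as an added example that is not part of the original post or of any Freenet code. It assumes signature verification happens elsewhere and that a key is identified by the SHA-256 of its encoded public key; all class and function names are hypothetical.

```python
import hashlib
from dataclasses import dataclass, field

MIN_KEY_BITS = 10760  # key size proposed in the message above


def fingerprint(pubkey: bytes) -> str:
    """Identify a key by SHA-256 of its encoded public key (assumed format)."""
    return hashlib.sha256(pubkey).hexdigest()


@dataclass
class Message:
    pubkey: bytes        # public key carried in the mail header
    key_bits: int        # key size reported by the verifier
    signature_ok: bool   # result of signature verification, done elsewhere
    read: bool = False


@dataclass
class Mailbox:
    blacklist: set = field(default_factory=set)  # shared RBL of key fingerprints
    whitelist: set = field(default_factory=set)  # this user's own trusted keys
    spool: list = field(default_factory=list)

    def accept(self, msg: Message) -> bool:
        """Decide from the header alone, before the body is transferred."""
        fp = fingerprint(msg.pubkey)
        if not msg.signature_ok or msg.key_bits < MIN_KEY_BITS:
            return False  # unsigned, or a key that was too cheap to generate
        # Assumption: the user's whitelist overrides the RBL at accept time too.
        if fp in self.blacklist and fp not in self.whitelist:
            return False
        self.spool.append(msg)
        return True

    def blacklist_key(self, pubkey: bytes) -> int:
        """Blacklist a key; purge its unread mail unless the user whitelisted it."""
        fp = fingerprint(pubkey)
        self.blacklist.add(fp)
        if fp in self.whitelist:
            return 0
        before = len(self.spool)
        self.spool = [m for m in self.spool
                      if m.read or fingerprint(m.pubkey) != fp]
        return before - len(self.spool)


def demo() -> int:
    """Constructed sample: two spam messages spooled, one already read."""
    mb = Mailbox()
    key = b"constructed-spammer-key"
    mb.accept(Message(key, 10760, True))
    mb.accept(Message(key, 10760, True, read=True))
    return mb.blacklist_key(key)  # number of messages purged
```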
