Re: why "penny black" etc. are not very useful (could crypto stop spam??)

2004-01-02 Thread Victor . Duchovni 
On Thu, 1 Jan 2004, Amir Herzberg wrote:

> IMHO, your conclusion is wrong: cryptographic authentication could be a
> critical tool to stop spam; someone in our community should do this (write
> the software) already... How? E-mail (at least from new correspondents)
> must be signed by an `anti-spam mail certification authority (ASMCA)` -
> often the ISP of the sender. Recipient's mail client (or server) will
> reject mail (from new correspondents) not certified by a trustworthy ASMCA.
> If the mail was not rejected but later identified (by end user) as spam,
> the recipient client/ISP will not only know not to trust the sender's
> ASMCA, they will also have `proof` that this ASMCA approved (signed) this
> spam, so they can inform other ASMCA's and mail client/servers.

This is impractical. No such infrastructure will exist. Trust management
on the scale your propose is not feasible or desirable. The key feature of
email and what makes it the Internet's "killer application" is that anyone
can send email to anyone else. No central authority is needed to vouch for
the sender or the content.

Again, we do not need to cripple email to stop spam. For my mailbox, of
the 1000 spam messages a month that get past the RBL, 925 are caught by
the spam filter. I am left with 2-3 spam messages a day, why again do we
need to cripple the most important application on the Internet?

-- 
Viktor.

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: why "penny black" etc. are not very useful (could crypto stop spam??)

2004-01-02 Thread john saylor 
hi

Amir Herzberg wrote:
E-mail (at least from new 
correspondents) must be signed by an `anti-spam mail certification 
authority (ASMCA)` - often the ISP of the sender. Recipient's mail 
client (or server) will reject mail (from new correspondents) not 
certified by a trustworthy ASMCA.
ok, but is it a 'web of trust' model [pgp] with many decentralized 
ASMCAs [or whatever they're called], or a 'pay to play' model where an 
authority [verisign] decides which mail gets the bits or not.

the technology exists, and would work. the problem [as is often the 
case], comes with the human interface to the technology. i am very 
skeptical of how much better things would be in a 'pay to play' 
scenario. we'd just get different kinds of spam without lessening the flow.

- ASMCA's have strong incentive not to approve spam.
if they can make more money by approving it, they will. i wish it were 
otherwise.

--
\js ! VTABE NAPRV FFGER ATGU
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: why "penny black" etc. are not very useful (could crypto stop spam??)

2004-01-02 Thread Amir Herzberg 
At 17:38 30/12/2003, Perry wrote:

In my opinion, the various hashcash-to-stop-spam style schemes are not
very useful, because spammers now routinely use automation to break
into vast numbers of home computers and use them to send their
spam. They're not paying for CPU time or other resources, so they
True. But, as Ben noted, the user of the machine could and should care 
about the resource. Now one may claim that many users don't pay attention 
to viruses stealing huge amounts of their CPU time. So I agree that the 
`waste CPU time to pay for sending mail` may have limited effect to stop 
spam. I also rather dislike the notion of wasting resources to send every 
e-mail. But where I quite disagree with you is when you say...
...
1. "We need public key authentication of all mail". Well, I'll point
out that large integers are cheap and plentiful. "Authenticated"
spam is pretty much as bad as non-"Authenticated" spam. If we use
IMHO, your conclusion is wrong: cryptographic authentication could be a 
critical tool to stop spam; someone in our community should do this (write 
the software) already... How? E-mail (at least from new correspondents) 
must be signed by an `anti-spam mail certification authority (ASMCA)` - 
often the ISP of the sender. Recipient's mail client (or server) will 
reject mail (from new correspondents) not certified by a trustworthy ASMCA. 
If the mail was not rejected but later identified (by end user) as spam, 
the recipient client/ISP will not only know not to trust the sender's 
ASMCA, they will also have `proof` that this ASMCA approved (signed) this 
spam, so they can inform other ASMCA's and mail client/servers.

Results:
- ASMCA's have strong incentive not to approve spam. They'll use 
appropriate measures, mainly: filtering tools and punishing spammers 
(blocking accounts, charging fines, etc.)
- End users whose machines were broken into will be notified by their ASMCA 
(usually ISP), when it detects the spamming by filtering tools or by 
complaints, and will (1) know there's a problem and take measures to get 
rid of the spamming trojan horse and  (2) maybe be a bit more careful about 
the machine in the future.

Desired side effects:
- users will also enjoy e-mail authentication (and confidentiality could be 
added trivially) - which in particular will make it a bit more difficult 
for e-mail viruses to propagate.

What's the bug in this simple solution? If anybody wants to implement I'm 
willing to assist in developing/validating the protocols.

Best regards,

Amir Herzberg
Computer Science Department, Bar Ilan University
Homepage (and lectures in applied cryptography, secure communication and 
commerce): http://www.cs.biu.ac.il/~herzbea

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]