On Sunday 02 March 2008 12:49, bbackde at googlemail.com wrote: > No complains from anyone? So we can expect this feature soon?
We're in a feature freeze. That means you have to convince me that it's essential to have this for 0.7.0. Hash cash is not a panacea: IMHO it will have to be combined with CAPTCHAs and web of trust, therefore we will still need FMS. Because an attacker will probably have a powerful system, whereas a lot of users don't; an attacker might have native-optimised hashcash libraries, and a typical user won't, at least in the short term. A user might not be willing to wait more than 1 minute for a message's hashcash to be computed, on a slow system; this means an attacker can solve them every 5 seconds on a faster system (twice the clock speed and four cores). Hash cash can be implemented in FMS without any change to the core. And it should only be necessary for FMS introductions, not later on. Just bolting it on to Frost would mean a very weak protection, at the cost of a new keytype. On the other hand it's a nice idea... > > On Sat, Mar 1, 2008 at 9:05 PM, <bbackde at googlemail.com> wrote: > > This sounds like a good idea! No matter who uses it (fms, frost, thaw) > > could at least be sure > > that the sending costed the sender some cpu time. It could also > > restrict the amount of sent messages > > at all, considering the same cpu time. So it becomes more expensive > > and annoying for the spammer. > > Now its quite easy for him, he could even play crysis in parallell ;) > > > > On Sat, Mar 1, 2008 at 8:56 PM, Michael Rogers <m.rogers at cs.ucl.ac.uk> wrote: > > > bbackde at googlemail.com wrote: > > > > If I understand this correct, the node of the sender will have to > > > > compute a valid > > > > hash cash before actually sending the key? And receivers can easily check the > > > > hash cash and reject keys without a valid hash cash? > > > > > > Right - inserts without valid hash cash won't even be forwarded. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: <https://emu.freenetproject.org/pipermail/tech/attachments/20080303/2667d438/attachment.pgp>
