> On the other hand it's a nice idea... That is what I thought. I don't expect to see it in 070, but I think its great for a later release.
2008/3/3 Matthew Toseland <toad at amphibian.dyndns.org>: > On Sunday 02 March 2008 12:49, bbackde at googlemail.com wrote: > > No complains from anyone? So we can expect this feature soon? > > We're in a feature freeze. That means you have to convince me that it's > essential to have this for 0.7.0. Hash cash is not a panacea: IMHO it will > have to be combined with CAPTCHAs and web of trust, therefore we will still > need FMS. Because an attacker will probably have a powerful system, whereas a > lot of users don't; an attacker might have native-optimised hashcash > libraries, and a typical user won't, at least in the short term. A user might > not be willing to wait more than 1 minute for a message's hashcash to be > computed, on a slow system; this means an attacker can solve them every 5 > seconds on a faster system (twice the clock speed and four cores). > > Hash cash can be implemented in FMS without any change to the core. And it > should only be necessary for FMS introductions, not later on. Just bolting it > on to Frost would mean a very weak protection, at the cost of a new keytype. > On the other hand it's a nice idea... > > > > > > On Sat, Mar 1, 2008 at 9:05 PM, <bbackde at googlemail.com> wrote: > > > This sounds like a good idea! No matter who uses it (fms, frost, thaw) > > > could at least be sure > > > that the sending costed the sender some cpu time. It could also > > > restrict the amount of sent messages > > > at all, considering the same cpu time. So it becomes more expensive > > > and annoying for the spammer. > > > Now its quite easy for him, he could even play crysis in parallell ;) > > > > > > On Sat, Mar 1, 2008 at 8:56 PM, Michael Rogers <m.rogers at > cs.ucl.ac.uk> > wrote: > > > > bbackde at googlemail.com wrote: > > > > > If I understand this correct, the node of the sender will have to > > > > > compute a valid > > > > > hash cash before actually sending the key? And receivers can easily > check the > > > > > hash cash and reject keys without a valid hash cash? > > > > > > > > Right - inserts without valid hash cash won't even be forwarded. > > _______________________________________________ > Tech mailing list > Tech at freenetproject.org > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/tech > -- __________________________________________________ GnuPG key: (0x48DBFA8A) Keyserver: pgpkeys.pca.dfn.de Fingerprint: 477D F057 1BD4 1AE7 8A54 8679 6690 E2EC 48DB FA8A __________________________________________________