> On the other hand it's a nice idea...

That is what I thought. I don't expect to see it in 070, but I think
its great for a later release.

2008/3/3 Matthew Toseland <toad at amphibian.dyndns.org>:
> On Sunday 02 March 2008 12:49, bbackde at googlemail.com wrote:
>  > No complains from anyone? So we can expect this feature soon?
>
>  We're in a feature freeze. That means you have to convince me that it's
>  essential to have this for 0.7.0. Hash cash is not a panacea: IMHO it will
>  have to be combined with CAPTCHAs and web of trust, therefore we will still
>  need FMS. Because an attacker will probably have a powerful system, whereas a
>  lot of users don't; an attacker might have native-optimised hashcash
>  libraries, and a typical user won't, at least in the short term. A user might
>  not be willing to wait more than 1 minute for a message's hashcash to be
>  computed, on a slow system; this means an attacker can solve them every 5
>  seconds on a faster system (twice the clock speed and four cores).
>
>  Hash cash can be implemented in FMS without any change to the core. And it
>  should only be necessary for FMS introductions, not later on. Just bolting it
>  on to Frost would mean a very weak protection, at the cost of a new keytype.
>  On the other hand it's a nice idea...
>
>
> >
>  > On Sat, Mar 1, 2008 at 9:05 PM,  <bbackde at googlemail.com> wrote:
>  > > This sounds like a good idea! No matter who uses it (fms, frost, thaw)
>  > >  could at least be sure
>  > >  that the sending costed the sender some cpu time. It could also
>  > >  restrict the amount of sent messages
>  > >  at all, considering the same cpu time. So it becomes more expensive
>  > >  and annoying for the spammer.
>  > >  Now its quite easy for him, he could even play crysis in parallell ;)
>  > >
>  > >  On Sat, Mar 1, 2008 at 8:56 PM, Michael Rogers <m.rogers at 
> cs.ucl.ac.uk>
>  wrote:
>  > >  > bbackde at googlemail.com wrote:
>  > >  >  > If I understand this correct, the node of the sender will have to
>  > >  >  > compute a valid
>  > >  >  > hash cash before actually sending the key? And receivers can easily
>  check the
>  > >  >  > hash cash and reject keys without a valid hash cash?
>  > >  >
>  > >  >  Right - inserts without valid hash cash won't even be forwarded.
>
> _______________________________________________
>  Tech mailing list
>  Tech at freenetproject.org
>  http://emu.freenetproject.org/cgi-bin/mailman/listinfo/tech
>



-- 
__________________________________________________
GnuPG key:   (0x48DBFA8A)
Keyserver:   pgpkeys.pca.dfn.de
Fingerprint:
477D F057 1BD4 1AE7 8A54 8679 6690 E2EC 48DB FA8A
__________________________________________________

Reply via email to