[hashcash] Re: Opportunistic signatures - a proposed design

now, if i'm the sysadmin for a large bank, and my customers are targeted for phishing scams, then i'd be smart to use larger keys (among other obvious and non-obvious precautions). If you're owned, you are owned.

I have a friend who closely tied to an anti-phishing group. He has seen camram and thinks it could be very useful for anti-phishing especially if we can get the signature stuff straightened out. It's useful from two perspectives. First from the stamp reducing the volume of phisher traffic getting through the second is from the signatures being verifiable. But the whole concept of verifiable signatures gets into a very different discussion outside of hashcash/camram.

What the bank really wants is not a signature, but a certificate, at least by my terminology.

A signature allows you to recognise a person reliably, but it only works if you've talked to that person before. PGP uses signatures in a recursive manner to build a "web of trust". Banks use signatures of various kinds (eg. handwritten, PIN) to allow their customers to authenticate themselves after opening an account.

A certificate assures you of who a stranger is, or rather that they have satisfied the issuing authority of their identity. The IBM SCCC uses certificates, as does SSL. Banks will ask customers for a certificate of identity, such as a passport, when they open an account. Once the certificate has been associated with a signature, the signature carries similar weight to the certificate - but not before.

as an end user, do i benefit more from hashcash or signatures? i ~think~ hashcash is, overall, better. as a bank whose customers are targeted in phishing scams, do i benefit more from hashcash or signatures? i can protect myself much better if a PKI allowed customers to quickly identify if an email is *really* from me... domain-keys and SPF will both help with the problem of forgeries.

hashcash is an introducer. Opportunistic signatures allow for efficient distribution of mail to people who agreed to know each other (individuals and mailing lists). 

Yes indeed.

you can never really know if e-mail is "really" from you. They're too many ways for the identity process to be corrupted even if you meet the person face-to-face with appropriate documentation. You have no of knowing it's truly accurate. You need to understand where false information can be injected into the system and if you can corrupt human processes long before you ever go digital, then there is no hope. All you can do is trust people based on repeated exposure.

And this is why the PGP folks have their heads up their arses, to use a colloquialism. There are so many other gaps in the system that there really is no point in forcing people who don't actually need it to use a "perfect" but hugely overcomplex system.

To abuse an analogy, this is like an airliner with a dodgy engine, a drunk First Officer, cracks in the rudder, and a malfunctioning starboard aileron, returning to the gate... because there weren't enough "refreshing towelettes".

--------------------------------------------------------------
from:     Jonathan "Chromatix" Morton
mail:     chromi@xxxxxxxxxxxxxxxxxxxxx
website:  http://www.chromatix.uklinux.net/
tagline:  The key to knowledge is not to rely on people to teach you it.


Other related posts: