[hashcash] Re: Opportunistic signatures - a proposed design

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Mon, 30 Aug 2004, John Honan wrote:

To meet user needs the solution has to be transparent (invisible, as you mention), and zero-cost for the user to implement. Most home users aren't going to be interested learning how these things work, they're just interested in minimising spam with as little effort on their part as possible. If a user clicks the send button to mail their friend, and suddenly get prompted 'please enter stamp value', or 'please wait.... generating stamp', or 'do you want to add this recipient to your whitelist?' - They're going to get a bit nervous; "why isn't my mail being sent the way it used to?", "what's a stamp value?", "what's a whitelist.....?" etc. 
==============

these are UI issues, and are concerns with any technology... "do you want to accept messages signed with this key?" that question would be just as confusing to my mom as the questions you ask.

so, regardless of the technology, the UI has to be smart enough for users who aren't.


Enterprise requirements are slightly different. They want zero implementation and support costs. They just want a solution that will sit there behaving itself and zapping spam. They don't want to have to pay for anything (if they can help it), and they certainly don't want to have to drastically modify or upgrade existing systems or servers or increase support costs to keep it running. Adding hashcash support to Spamassassin was an excellent idea. 
==============

how is that different than anyone else? nobody wants to pay or do work, they just want to not get spam, not have false positives and have their outgoing mail not get caught in a spam filter!

the only real difference between enterprise systems and other systems is that enterprise systems tend to upgrade less frequently.


Whatever about adding hashcash to open-source apps, eventually Windows will have to be addressed. I haven't checked the market shares, but I would assume that Outlook is the most popular MUA out there at the moment. Now, if people could just go to a website, and click the 'download hashcash for outlook plug-in here'..... 
================

that should work. but no one will will want to use it until everyone else is using it... that's why i'm here...


Also, I'm not sure about closed-source applications just 'having' to adopt it. That's the reason they are closed-source. They would prefer to implement their own solution if they possibly can, rather than integrating an open source product into theirs. Losing market share won't be their primary concern, legal issues and licensing will be (look at the recent mails regarding SenderID....) I think a 'plug-in' solution for MUAs and server apps is best way - otherwise you'll be waiting a long time for them to just 'adopt' it. 
=================

again, your argument applies just as much to a signature system, whether using public or secret keys.

i'm here and using hashcash NOT because it's ~currently~ cutting down on spam, but because using it in outgoing mail advocates using it: by letting people know that if they use it, they can be assured that their message will bypass my filter, that also advocates using it. this is what leads to mass deployment; that is what leads to applications *wanting* to integrate support for it; that, in turn, creates a "need" to integrate it into more applications.

thus, i'm now using hashcash for advocacy reasons, more than practical reasons. i hope that the advocacy/practical ratio will soon shift.

we we recently saw IETF say "no" to M$'s sender-id plan. yahoo seems to be putting an honest effort into open-sourcing (FTMP) their domain-keys system. these are both encouraging to open standards, and will force closed-source developers to think twice about coming up with their own "solution".


    ...atom

 _________________________________________
 PGP key - http://atom.smasher.org/pgp.txt
 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
 -------------------------------------------------

        "Do not wait; the time will never be 'just right.'
         Start where you stand, and work with whatever
         tools you may have at your command, and better
         tools will be found as you go along."
                -- Napoleon Hill
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures

iQEcBAEBCAAGBQJBM2/dAAoJEAx/d+cTpVciphoIAI/e1MbSUaBuYcHiZObJUwJU
qM/j+L4OHmPTvxzzrt4m0LGFfDHc5EsAlQPh8QQ51C7k2eoV+qYSW2uGgnj2FLE3
dgzZ0aUHa6Ke5idP/ab1ZVHld+my4HnCvkXspIKWX5PfT395l5De4vLKnThuToFo
ibPpDtOtILTJ8HOar7CO28w261hdX6QNwTfytS8YW7M6RQqzz4Y9G6b4oxP6CIFI
Z4tr4etp9lFPOLuYU40owa7X+uvxfhZ1mTwHsMccA687d3s06AIfdBvX7601QzaF
yD2yWryZHa+KW095Ptv9Xj2ud6GUDSHWWaRQ3BXUQXY3VVB5OnXb4PmA1hnVbhU=
=uxtZ
-----END PGP SIGNATURE-----

Other related posts: