[hashcash] Re: Opportunistic signatures - a proposed design

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Sun, 29 Aug 2004, Eric S. Johansson wrote:
Atom 'Smasher' wrote:

let's say i send an email to my mom, and her MUA recognizes a pgp email header on my signed email. whether the mail was signed manually or automatically doesn't matter, here. anyway, her MUA informs her:
This email includes key information for "Atom Smasher". Would
you like to accept all emails signed by "Atom Smasher"?

that's all it takes. then her MUA creates a key-pair for her, and automatically signs outgoing messages... same thing happens when someone gets a message form her.

OK, I'll argue that you do not even need to see that message in the first place. Why not have her MUA look at recent traffic and say "she has sent e-mail to atom smasher three times. I've seen the same key from atom with a stamp three times. Therefore, let's assume any signatures created by this key is equivalent to a stamp made by atom. no need to bother mom. She has more important things to do."

seriously, the whole notification accept request messages would only serve to confuse and not enlightened. This is not to say you should not keep track of all of this information and making available on user requests but there's no need to throw in their face. Remember that users hate pop-ups of all forms whether they be from Web browsers or from alert boxes in the application. 
================

hhmmm... let the dancing paperclip dude handle it behind the scenes... i guess that would be fine for >90% of users....


so, the obvious weakness in automatically signing emails is that viruses will steal the key (large keys don't help), and then use it to send mail to everyone in that user's address book.

just as much as they can steal cycles from a users machine (100 addresses is not that much) and send hashcash stamped messages to everyone in your address book. 
=================

well, if a signing key is used against everyone in the address book...
1) the virus/spammer can send a LOT of spam (to those users) before being detected and
2) every now and again, it will find HUGE address books (aka mailing lists).

re example #1, let's say my mom's computer gets infected, and at 3am the virus starts sending out mail to everyone in the address book... i come into the office at 9am and have a few hundred spams (signed by her) trying to sell me things that i would have rather never heard of. that barrage could actually be *worse* than the handful of spams that typically get past a filter.

hashcash, however, would force the virus/spammer to mint a stamp for EVERY email that's sent out... slowing down the computer and making it more likely that the virus/spammer will be discovered (and maybe even removed).


as an end user, do i benefit more from hashcash or signatures? i ~think~ hashcash is, overall, better. as a bank whose customers are targeted in phishing scams, do i benefit more from hashcash or signatures? i can protect myself much better if a PKI allowed customers to quickly identify if an email is *really* from me... domain-keys and SPF will both help with the problem of forgeries.

hashcash is an introducer. Opportunistic signatures allow for efficient distribution of mail to people who agreed to know each other (individuals and mailing lists). you can never really know if e-mail is "really" from you. They're too many ways for the identity process to be corrupted even if you meet the person face-to-face with appropriate documentation. You have no of knowing it's truly accurate. You need to understand where false information can be injected into the system and if you can corrupt human processes long before you ever go digital, then there is no hope. All you can do is trust people based on repeated exposure. 
=================

both technologies have their strengths and weaknesses... it will come down to what becomes widely implemented, and what proves easily defeated. if a PKI proves too easy to break, because it's being used on insecure systems, then hashcash gains credibility... OTOH if a method of quickly finding SHA-1 collisions is found, hashcash can either implement a stronger hash function or hashcash users can require more valuable stamps... only one thing is certain: the more widely any technology is used, the more effort will be put into attacking it.



        ...atom

 _________________________________________
 PGP key - http://atom.smasher.org/pgp.txt
 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
 -------------------------------------------------

        "The World Bank, IMF, and private banks have consistently
         lavished huge sums on terror regimes, following their
         displacement of democratic governments, and a number of
         quantitative studies have shown a systematic positive
         relationship between U.S. and IMF/World Bank aid to
         countries and their violations of human rights."
                -- Edward S. Herman, economist,
                U.S. media and foreign policy critic,
                author of 'The Real Terror Network'
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures

iQEcBAEBCAAGBQJBMj6vAAoJEAx/d+cTpVciFeMIAKZzSs77yLZFWLwoga8RgWFr
2fxeDWiNYnlaigmmzv5iZVBojzndanrtIFHzJrFGeyP5NKGX983yTjRkqvYKZVMZ
MOLkdvG0kKHfUo3leS+ieK8HB7RB4UpDcQBSRIKGEdz2doSsfWZUjK0PucWyxWjK
4nj7QHDtRAsDKzvSUQ6oigxaltUeJIFHf+mpcY8pgQ6gPjyiq5KuWWBX6Q1Tot4I
SxWClDuk1QY+mLlfa3cROzGUsXC7Mtb20b7Mu/BwPUAC44jJSkGm6A2GFjYRxUyv
g0oZB7fh9RuggnnylzeXWfjW9ghcZLHfUBi4ZPbjWgmqugFRr5pFxnAxUTv2mQ8=
=e4I3
-----END PGP SIGNATURE-----

Other related posts: