[hashcash] Re: hashcash for camram-spam list? (Re: [camram-spam]Re: Friday news)

Adam Back wrote:

> On Sun, Mar 28, 2004 at 04:38:11PM -0500, Eric S. Johansson wrote:
> 
>>>Adam wrote:
>>>
>>>>This is an anti-spam measure; perhaps we could tweak the mail list
>>>>software so it allows posts with hashcash for the list address (such
>>>>as this one with a hashcash for camram-spam@xxxxxxxxxx).
>>
>>I would be careful about this.  Allowing any address in based on a stamp 
>>effectively devalues the stamp.  In other words, for a given amount of 
>>effort, you can reach more people.  
> 
> 
> Maybe I'm misunderstanding what you're saying.  But the value of
> sending hashcash pre-emptively even when you don't know the recipient
> can handle it is that:
> 
> - you should not be blacklisted based on IP
> - your mail should not be subject to false +ve
> 
> - your mail should not be subject to a challenge-response that you:
>   - are too lazy to reply to
>   - that gets accidentally filed in trash by your own spam filter
>   - that gets tied up in a knot with someone else's competing CR system

I am in agreement with you on these points.  This is good.  ;-)

> in keeping with this another kind of false +ve avoidance is:
> 
> - avoiding your mailing list post getting forwarded to a moderator
>   because there is something which triggers mailing list anti-spam
>   filter or spam based policy (eg not list member by its necessarily
>   crude approximation -- I am a list member, but making my list
>   headers match the subscription address is more pain than it's worth(*)).

OK, I think we are in agreement on this point as well.  What I am 
hearing is that membership on a list is not defined (exclusively) by 
e-mail address (except for delivery) therefore alternative methods of 
defining membership are necessary.
> 
> in short more stuff should just work.

>>This is where the signature based if stamps we have been dancing
>>around would shine.
>>
>>If on the other hand, you use something like hmac-sha1, [...]
> 
> 
> Not sure how this would help the mailing list case without
> mailing list support.  The sender doesn't know who is behind the
> mail-exploder.

inbound filter doing transformations on the envelope.  In other words, 
it would transform whatever address you have plus membership card to 
your official "list membership" thereby letting you in.

> I'm wondering if we need to think ahead about v1 format wrt adding
> signatures, hmacs etc.  Auth tokens are "special" in the sense that
> they sign the rest of the stuff, and so need to be divided from it in
> some way, and yet would be useful to be able to have them in the same
> header via an extension.
> 
> eg. hash on introduced public key, signature instead of or in addition
> to smaller hash on subsequent mails (if you're doing the CAMRAM
> introduce sig key thing).

hey, we can share.  Besides, the signature ideas are all Ben's fault.  I've 
got witnesses.

but yes, I do think we need to think carefully about all we are adding 
but not so carefully that we don't get anything done.  I would opt for 
just the second-tier key and maybe some sort of auth token.  remember, 
friends fly free.


> So perhaps this can be done with what you had in mind for CAMRAM sigs
> where the subscriber and the list are CAMRAM aware.  You send the list
> hashcash / CR at subscription time, you get back an allowed to post
> cert, or the list remembers your public key, then you can post.
> 
> (Allowed to post cert saves storage on list server, it can figure it
> out for itself from the allowed to post cert you re-present -- list
> storage vs bandwidth tradeoff).

the finite state machine you described for user mailing list interaction 
is what I had in mind.  When subscribing, you would always send a hash 
cash stamp (i.e. it's a stranger address), get back public key of list 
and then through -request munging, transfer inbound association to the 
real address of the list.  getting keys from the mail server for list 
posts is interesting.  Could you describe more how they work?

---eric
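
The "allowed to post cert" discussed in the thread above, sketched as an added example that is not part of the original messages or of any hashcash/CAMRAM code: the list server keeps one secret and recomputes a MAC over the cert the poster re-presents, so it stores nothing per subscriber. The cert layout, the names and the use of HMAC-SHA256 (the thread mentions hmac-sha1) are assumptions; checking the subscriber's signature on the post itself is out of scope.

```python
import hashlib
import hmac

# Constructed demo values (assumptions, not from the thread).
LIST_KEY = b"constructed-demo-secret-held-only-by-the-list-server"
LIST_ADDR = "list@example.org"


def _fingerprint(subscriber_pubkey: bytes) -> str:
    """Short identifier for the key the subscriber introduced at subscription."""
    return hashlib.sha256(subscriber_pubkey).hexdigest()[:32]


def _mac(key: bytes, body: str) -> str:
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


def issue_cert(key: bytes, list_addr: str, subscriber_pubkey: bytes, expires: int) -> str:
    """Issued once, after the subscription hashcash / CR step has succeeded."""
    body = f"{list_addr}:{_fingerprint(subscriber_pubkey)}:{expires}"
    return f"{body}:{_mac(key, body)}"


def verify_cert(key: bytes, list_addr: str, subscriber_pubkey: bytes,
                cert: str, now: int) -> bool:
    """Stateless check on each post: no per-subscriber record is consulted."""
    parts = cert.rsplit(":", 3)
    if len(parts) != 4:
        return False
    addr, fp, expires, tag = parts
    expected = _mac(key, f"{addr}:{fp}:{expires}")
    # Authenticate first; only then trust the fields inside the cert.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return False
    if addr != list_addr:                      # cert issued for a different list
        return False
    if not expires.isdigit() or int(expires) < now:
        return False                           # expired (or malformed) cert
    # Bind the cert to the key that signs the post being checked.
    return hmac.compare_digest(fp.encode(), _fingerprint(subscriber_pubkey).encode())


if __name__ == "__main__":
    pubkey = b"constructed subscriber public key bytes"
    cert = issue_cert(LIST_KEY, LIST_ADDR, pubkey, expires=2000)
    print(cert)
    print(verify_cert(LIST_KEY, LIST_ADDR, pubkey, cert, now=1000))
```

The cost of keeping no state is the bandwidth of re-sending the cert with every post, and revocation before the expiry time requires either a short lifetime or a small denylist on the server.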

