[hashcash] Re: hashcash v1 questions

On Mon, May 31, 2004 at 11:04:05PM +0000, Justin wrote:
> Is it difficult to attach a pgp keyblock to a message?  Even if the
> message is MIMEd, There have to be 50 MIME libraries out there with either
> a bsd or gnu license and simple interfaces.  

MIME may not be appropriate because the message may not be a mime
message.  (Well it could _become_ a MIME message, but that doesn't
seem like a nice thing to have to do.  Much less intrusive to leave
the message-body as is, and work in headers alone for transport
related thing.  Compare eg to receipt notifications or similar.)

> If the problem is that spammers might put 1000 keys in a
> hashcash-stamped message,

Per Malcolm's suggestion we can discard headers that exceed the
max-length, suggested eg 512 bytes.

If in a separate header, could ignore all but 1st?  There is no reason
for a sender to send more than one key that I can see immediately.

> Only camram users could sign using ecc, so only camram users could ever be
> whitelisted (until someone wrote a standalone ecc client).
> 
> People don't ordinarily attach keys to email, so requiring keys to be sent
> during initial communication, very few non-camram users would be
> whitelisted.  If camram parsed X-...-Fingerprint: headers and tried to
> grab those keys from keyservers, that might accelerate camram's
> usefulness.  That header is just a sha1 hash
> of the key with some inserted whitespace.

Oh I see.  You mean to sort of interoperate with PGP signatures that
people may attach for other reasons.  Possible.  Downside is brings
with it the PGP problems/complexities in making msg body survive
transport.

But how would the interop story work?  Say you are someone who sends
PGP signatures, I think CAMRAM requires some form of introduction to
get you white listed (by signature key).  The introduction choices are
hashcash, reverse-turing, email challenge-response I think.

Adam

Other related posts: