On Mon, May 31, 2004 at 11:04:05PM +0000, Justin wrote:
> Is it difficult to attach a pgp keyblock to a message? Even if the
> message is MIMEd, there have to be 50 MIME libraries out there with either
> a bsd or gnu license and simple interfaces.

MIME may not be appropriate because the message may not be a MIME message. (Well it could _become_ a MIME message, but that doesn't seem like a nice thing to have to do. Much less intrusive to leave the message-body as is, and work in headers alone for transport-related things. Compare e.g. to receipt notifications or similar.)

> If the problem is that spammers might put 1000 keys in a
> hashcash-stamped message,

Per Malcolm's suggestion we can discard headers that exceed the max-length, suggested e.g. 512 bytes. If in a separate header, could ignore all but 1st? There is no reason for a sender to send more than one key that I can see immediately.

> Only camram users could sign using ecc, so only camram users could ever be
> whitelisted (until someone wrote a standalone ecc client).
>
> People don't ordinarily attach keys to email, so requiring keys to be sent
> during initial communication, very few non-camram users would be
> whitelisted. If camram parsed X-...-Fingerprint: headers and tried to
> grab those keys from keyservers, that might accelerate camram's
> usefulness. That header is just a sha1 hash
> of the key with some inserted whitespace.

Oh I see. You mean to sort of interoperate with PGP signatures that people may attach for other reasons. Possible. Downside is brings with it the PGP problems/complexities in making msg body survive transport.

But how would the interop story work? Say you are someone who sends PGP signatures, I think CAMRAM requires some form of introduction to get you white listed (by signature key). The introduction choices are hashcash, reverse-turing, email challenge-response I think.

Adam
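
An added example (not part of the original message and not CAMRAM code) of the header handling discussed above: only the first key header is considered, a header over 512 bytes is discarded, and a fingerprint is accepted only if it reduces to 40 hex digits once the inserted whitespace is removed. The header names and sample values are assumptions constructed for illustration; the thread does not give the real names.

```python
import re
from email import message_from_string

KEY_HEADER = "X-Example-Key"          # hypothetical name, not from the thread
FPR_HEADER = "X-Example-Fingerprint"  # hypothetical; the thread elides the real name
MAX_HEADER_BYTES = 512                # limit suggested in the thread


def first_header_within_limit(msg, name):
    """Return (value, status); only the first header of that name is considered."""
    values = msg.get_all(name, [])
    if not values:
        return None, "absent"
    first = str(values[0])
    size = len(f"{name}: {first}".encode("utf-8", "replace"))
    if size > MAX_HEADER_BYTES:
        return None, "oversize"       # discard rather than truncate
    status = "ok" if len(values) == 1 else f"ok, ignored {len(values) - 1} extra"
    return "".join(first.split()), status   # unfold and drop whitespace


def normalize_fingerprint(value):
    """Strip the inserted whitespace; accept only a 40-hex-digit SHA-1 value."""
    compact = "".join(value.split()).upper()
    return compact if re.fullmatch(r"[0-9A-F]{40}", compact) else None


def inspect(raw):
    """Work on headers only; the message body is never modified."""
    msg = message_from_string(raw)
    key, key_status = first_header_within_limit(msg, KEY_HEADER)
    fpr, _ = first_header_within_limit(msg, FPR_HEADER)
    return {"key": key, "key_status": key_status,
            "fingerprint": normalize_fingerprint(fpr) if fpr else None}


# Constructed sample messages (not real keys or fingerprints).
GOOD = (f"{KEY_HEADER}: QUJDREVGR0g=\n"
        f"{KEY_HEADER}: c2Vjb25kLWtleQ==\n"
        f"{FPR_HEADER}: 0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567\n"
        "\nbody left untouched\n")
FLOOD = f"{KEY_HEADER}: {'A' * 600}\n\nbody\n"

if __name__ == "__main__":
    print(inspect(GOOD))
    print(inspect(FLOOD))
```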