[hashcash] Re: hashcash v1 questions

  • From: Justin <justin-hashcash@xxxxxxxx>
  • To: hashcash@xxxxxxxxxxxxx
  • Date: Mon, 31 May 2004 18:43:02 +0000

On 2004-05-31T13:05:36-0400, Eric S. Johansson wrote:
> Justin Guyett wrote:
> 
> >I've seen some others, but I don't recall them at the moment.  Aren't
> >those perfectly adequate to transfer keys in virtually all cases?  They
> >don't require email-bloating keyblocks either in headers or in the
> >message body.  If it's absolutely critical that a message be sent via
> >email, why not use a standard pgp keyblock or define another header in
> >which to place a base64-encoded key?
> 
> The reason I'm looking for this tool is because camram white lists folks
> you've spoken with and white lists by name can be forged relatively
> easily.  I need a stronger mechanism to identify someone as familiar.

Absolutely.  I like key-fingerprint-based whitelisting, but I don't like
having keys in hashcash stamps.  Generating a 25-bit collision on an ~1100
byte hashcash stamp would require nearly 4x the time necessary to generate
the same 25-bit collision on a 64 byte stamp.  Putting keys in hashcash
headers benefits those with insecure keys.

There's no security benefit in putting keys in the hashcash header.  If
camram really needs keys (or other miscellany) sent in message headers,
can it use its own headers rather than bloat hashcash by adding all sorts
of options for key transfers?

> The best tool for this job seems to be public key cryptography but it
> must be done with no user interface whatsoever. To that end, it looks
> like propagating keys embedded in messages is probably the best way
> since it sends keys only to the people you communicate with.

If camram puts keys in headers, I'll probably pull them out and import
them if the message has sufficient postage.  And while I can understand
why camram might put keys in headers, I don't think headers are a
reasonable place to put 700-byte base64-encoded strings.  I'm not at all
happy about the prospect of those 700-byte strings being in _hashcash_
headers.

-- 
"Not your decision to make."
"Yes.  But it's the right decision, and I made it for my daughter."
 - Bill, Beatrix; Kill Bill Vol. 2
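The receive-side flow discussed in this message (check postage on the hashcash stamp, then pull a key from a separate header and whitelist by fingerprint), as an added example that is not part of the original post and is not hashcash or camram code. The header name `X-Example-Key`, the SHA-1-of-key-bytes fingerprint, the addresses and the sample message are assumptions constructed for illustration; date expiry and double-spend checks are left out.

```python
import base64, hashlib
from email import message_from_string
from itertools import count

KEY_HEADER = "X-Example-Key"  # hypothetical header, not defined by hashcash or camram

def leading_zero_bits(digest: bytes) -> int:
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def mint(resource: str, bits: int, date: str = "040531", rand: str = "constructed") -> str:
    """Brute-force a v1 stamp; used here only to build the constructed sample."""
    for c in count():
        stamp = f"1:{bits}:{date}:{resource}::{rand}:{c:x}"
        if leading_zero_bits(hashlib.sha1(stamp.encode()).digest()) >= bits:
            return stamp

def postage(stamp: str, resource: str) -> int:
    """Claimed bits if the stamp is a valid v1 stamp for resource, else 0."""
    stamp = stamp.strip()
    f = stamp.split(":")  # ver:bits:date:resource:ext:rand:counter
    if len(f) != 7 or f[0] != "1" or f[3] != resource or not f[1].isdigit():
        return 0
    claimed = int(f[1])
    actual = leading_zero_bits(hashlib.sha1(stamp.encode()).digest())
    return claimed if actual >= claimed else 0

def key_to_import(raw_message: str, resource: str, min_bits: int):
    """Return (fingerprint, key_bytes) only when the postage is sufficient."""
    msg = message_from_string(raw_message)
    stamps = msg.get_all("X-Hashcash", [])
    if not any(postage(s, resource) >= min_bits for s in stamps):
        return None  # unpaid mail never gets its key looked at
    blob = msg.get(KEY_HEADER)
    if blob is None:
        return None
    try:
        key = base64.b64decode("".join(blob.split()), validate=True)
    except ValueError:
        return None
    # Assumption: fingerprint = SHA-1 of the raw key bytes (not an OpenPGP fingerprint).
    return hashlib.sha1(key).hexdigest(), key

def sample_message(bits: int = 12) -> str:
    """Constructed message: short stamp in X-Hashcash, key in its own header."""
    key = base64.b64encode(b"constructed-public-key-bytes").decode()
    return (f"From: alice@example.org\nTo: bob@example.org\n"
            f"X-Hashcash: {mint('bob@example.org', bits)}\n"
            f"{KEY_HEADER}: {key}\n\nhello\n")
```

The sample uses 12 bits so it mints instantly. The stamp stays short because the key travels in its own header, so the string being hashed does not grow with the key.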
