[hashcash] Re: Opportunistic signatures - a proposed design

  • From: Atom 'Smasher' <atom@xxxxxxxxxxxxxx>
  • To: hashcash@xxxxxxxxxxxxx
  • Date: Sun, 29 Aug 2004 14:14:58 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

i already let signed email bypass any filtering, if i have the public key in my keyring.

i'm currently working on a formal standard for including OpenPGP key information in an email header. when that happens, an MUA can offer the user an option to accept the key, and accept any message signed with that key. it really shouldn't be *that* difficult to build the UI smarts into an app, if the key management is handled intelligently.

in the meantime, only geeks will allow signed messages to bypass further checks. i think that signatures and hashcash serve different purposes, and to that extent the technologies are complementary... if i have your key in my keyring you can sign a message and it won't be subject to filtering... but if i don't know you, then hashcash will do the same thing. also, i may not want to sign an email with my key (maybe i'll want to deny later that i authored it)... in that case, hashcash is more valuable.

anyway, OpenPGP is a perfectly viable protocol for signing email... no need to reinvent that wheel. of course, if people are signing on auto-pilot (no password protected keys) then keys should be small... they'll be stolen by viruses, not password protected and there should be several avenues of plausible deniability... the purpose is to "prove" to a filter, not to a court, who authored an email. of course, if one is handling outbound email for a large bank and they want to discourage phishing, then a large key is a good idea (with certain obvious and non-obvious precautions).


...atom

 _________________________________________
 PGP key - http://atom.smasher.org/pgp.txt
 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
 -------------------------------------------------

        "I haven't failed, I just found 100,000 ways that don't work."
                -- Albert Einstein
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures

-----END PGP SIGNATURE-----
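
The filtering policy described in this message (a valid signature from a key already in the keyring bypasses filtering, otherwise a hashcash stamp does the same job), sketched as an added example that is not part of the original post. It assumes OpenPGP verification happens elsewhere and is passed in as `sig_valid` and `signer_fpr`; the function names and the fingerprint are hypothetical, the sample stamp is constructed at 12 bits so it mints quickly, and stamp expiry and double-spend checks are left out.

```python
import hashlib
from itertools import count

def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a digest."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits

def stamp_ok(stamp: str, recipient: str, min_bits: int) -> bool:
    """Check a version 1 stamp: ver:bits:date:resource:ext:rand:counter."""
    fields = stamp.split(":")
    if len(fields) != 7 or fields[0] != "1":
        return False
    if not (fields[1].isascii() and fields[1].isdigit()):
        return False
    claimed = int(fields[1])
    # The stamp must be addressed to us and claim enough work.
    if claimed < min_bits or fields[3] != recipient:
        return False
    digest = hashlib.sha1(stamp.encode("ascii", "replace")).digest()
    return leading_zero_bits(digest) >= claimed

def mint(recipient, bits, date="040829", rand="constructedSALT"):
    """Brute-force a counter; used here only to build a constructed sample."""
    for n in count():
        stamp = f"1:{bits}:{date}:{recipient}::{rand}:{n:x}"
        if leading_zero_bits(hashlib.sha1(stamp.encode()).digest()) >= bits:
            return stamp

def decide(signer_fpr, sig_valid, keyring, stamp, recipient, min_bits=20):
    """Return 'bypass:signature', 'bypass:hashcash' or 'filter'."""
    if sig_valid and signer_fpr in keyring:
        return "bypass:signature"      # known sender: signature is enough
    if stamp and stamp_ok(stamp, recipient, min_bits):
        return "bypass:hashcash"       # unknown sender who paid in CPU time
    return "filter"                    # neither: run the normal checks

if __name__ == "__main__":
    known = "0000 1111 2222 3333 4444 5555 6666 7777 8888 9999"  # constructed
    rcpt = "bob@example.org"                                     # constructed
    sample = mint(rcpt, 12)
    print(sample)
    print(decide(known, True, {known}, None, rcpt))
    print(decide("unknown", True, {known}, sample, rcpt, min_bits=12))
    print(decide("unknown", True, {known}, None, rcpt))
```
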