[hashcash] Re: Opportunistic signatures - a proposed design

  • From: Atom 'Smasher' <atom@xxxxxxxxxxxxxx>
  • To: hashcash@xxxxxxxxxxxxx
  • Date: Sun, 29 Aug 2004 16:38:01 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Sun, 29 Aug 2004, Eric S. Johansson wrote:
Atom 'Smasher' wrote:

let's say i send an email to my mom, and her MUA recognizes a pgp email header on my signed email. whether the mail was signed manually or automatically doesn't matter, here. anyway, her MUA informs her:
This email includes key information for "Atom Smasher". Would
you like to accept all emails signed by "Atom Smasher"?


that's all it takes. then her MUA creates a key-pair for her, and automatically signs outgoing messages... same thing happens when someone gets a message from her.

OK, I'll argue that you do not even need to see that message in the first place. Why not have her MUA look at recent traffic and say "she has sent e-mail to atom smasher three times. I've seen the same key from atom with a stamp three times. Therefore, let's assume any signatures created by this key are equivalent to a stamp made by atom. no need to bother mom. She has more important things to do."


seriously, the whole notification accept request messages would only serve to confuse and not enlighten. This is not to say you should not keep track of all of this information and make it available on user request, but there's no need to throw it in their face. Remember that users hate pop-ups of all forms whether they be from Web browsers or from alert boxes in the application.
================

hhmmm... let the dancing paperclip dude handle it behind the scenes... i guess that would be fine for >90% of users....


so, the obvious weakness in automatically signing emails is that viruses will steal the key (large keys don't help), and then use it to send mail to everyone in that user's address book.

just as much as they can steal cycles from a user's machine (100 addresses is not that much) and send hashcash stamped messages to everyone in your address book.
=================

well, if a signing key is used against everyone in the address book...
1) the virus/spammer can send a LOT of spam (to those users) before being detected and
2) every now and again, it will find HUGE address books (aka mailing lists).


re example #1, let's say my mom's computer gets infected, and at 3am the virus starts sending out mail to everyone in the address book... i come into the office at 9am and have a few hundred spams (signed by her) trying to sell me things that i would have rather never heard of. that barrage could actually be *worse* than the handful of spams that typically get past a filter.

hashcash, however, would force the virus/spammer to mint a stamp for EVERY email that's sent out... slowing down the computer and making it more likely that the virus/spammer will be discovered (and maybe even removed).


as an end user, do i benefit more from hashcash or signatures? i ~think~ hashcash is, overall, better. as a bank whose customers are targeted in phishing scams, do i benefit more from hashcash or signatures? i can protect myself much better if a PKI allowed customers to quickly identify if an email is *really* from me... domain-keys and SPF will both help with the problem of forgeries.

hashcash is an introducer. Opportunistic signatures allow for efficient distribution of mail to people who agreed to know each other (individuals and mailing lists). you can never really know if e-mail is "really" from you. There are too many ways for the identity process to be corrupted even if you meet the person face-to-face with appropriate documentation. You have no way of knowing it's truly accurate. You need to understand where false information can be injected into the system and if you can corrupt human processes long before you ever go digital, then there is no hope. All you can do is trust people based on repeated exposure.
=================

both technologies have their strengths and weaknesses... it will come down to what becomes widely implemented, and what proves easily defeated. if a PKI proves too easy to break, because it's being used on insecure systems, then hashcash gains credibility... OTOH if a method of quickly finding SHA-1 collisions is found, hashcash can either implement a stronger hash function or hashcash users can require more valuable stamps... only one thing is certain: the more widely any technology is used, the more effort will be put into attacking it.



        ...atom

 _________________________________________
 PGP key - http://atom.smasher.org/pgp.txt
 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
 -------------------------------------------------

        "The World Bank, IMF, and private banks have consistently
         lavished huge sums on terror regimes, following their
         displacement of democratic governments, and a number of
         quantitative studies have shown a systematic positive
         relationship between U.S. and IMF/World Bank aid to
         countries and their violations of human rights."
                -- Edward S. Herman, economist,
                U.S. media and foreign policy critic,
                author of 'The Real Terror Network'
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures

-----END PGP SIGNATURE-----
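
The acceptance rule discussed in this message, as an added example that is not part of the original post or of any hashcash implementation: a hashcash v1 stamp check, plus the "seen three times" promotion of a signing key to stamp-equivalent. The class and function names, the 12-bit stamp value and the addresses are assumptions; signature verification is assumed to be done by an OpenPGP verifier that supplies `fpr` and `sig_ok`.

```python
import hashlib
from collections import Counter
from itertools import count

def leading_zero_bits(digest: bytes) -> int:
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def mint(resource: str, bits: int, date: str = "040829", rand: str = "constructed") -> str:
    # The sender's per-mail cost: brute-force a counter (about 2**bits SHA-1 calls).
    prefix = f"1:{bits}:{date}:{resource}::{rand}:"
    for c in count():
        stamp = prefix + format(c, "x")
        if leading_zero_bits(hashlib.sha1(stamp.encode()).digest()) >= bits:
            return stamp

def stamp_ok(stamp: str, resource: str, min_bits: int) -> bool:
    # Fields: ver:bits:date:resource:ext:rand:counter (date expiry is not checked here).
    f = stamp.split(":")
    if len(f) != 7 or f[0] != "1" or f[3] != resource or not f[1].isdigit():
        return False
    actual = leading_zero_bits(hashlib.sha1(stamp.encode()).digest())
    return int(f[1]) >= min_bits and actual >= int(f[1])

class OpportunisticPolicy:
    # Hypothetical receiver-side policy; the threshold of 3 follows the quoted proposal.
    def __init__(self, me, min_bits=12, threshold=3):
        self.me, self.min_bits, self.threshold = me, min_bits, threshold
        self.sent_to = Counter()      # address -> mails the user sent there
        self.stamped_key = Counter()  # (address, key fingerprint) -> stamped mails seen
        self.spent = set()            # stamps already redeemed (double-spend check)

    def record_sent(self, to_addr):
        self.sent_to[to_addr] += 1

    def trusted(self, sender, fpr):
        return (self.sent_to[sender] >= self.threshold
                and self.stamped_key[(sender, fpr)] >= self.threshold)

    def accept(self, sender, fpr=None, sig_ok=False, stamp=None):
        """Return 'stamp', 'signature' or 'reject' for one incoming mail."""
        if stamp and stamp not in self.spent and stamp_ok(stamp, self.me, self.min_bits):
            self.spent.add(stamp)
            if fpr and sig_ok:
                self.stamped_key[(sender, fpr)] += 1
            return "stamp"
        if fpr and sig_ok and self.trusted(sender, fpr):
            return "signature"
        return "reject"
```

Once a key is promoted, mail signed with it is accepted with no minting work at all, which is the stolen-key case raised above; unpromoted senders still pay for a fresh stamp per message.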
