[hashcash] Re: PR Problem?

  • From: "Eric S. Johansson" <esj@xxxxxxxxxx>
  • To: hashcash@xxxxxxxxxxxxx
  • Date: Sat, 11 Nov 2006 22:56:34 -0500

Todd A. Jacobs wrote:
> Integration is an issue. Hashcash is *not* trivial to implement at the
> MUA level, isn't a drop-in piece of the MDA toolchain, and even MTA
> support (where it exists) may not play well with other tools.

One of the most fundamental obstructions to implementing sender-pay systems is simply the significant difficulty in establishing two unidirectional paths for e-mail so you can apply different operations on each pass (i.e. stamping outbound, detection inbound). I've been able to fake it in postfix by explicitly routing inbound traffic and using the submit port for outbound.


> If you want wider uptake, you have to address the installed base of
> software. And more importantly, you have to convince people that it adds
> value to install and configure it even if almost no one else does the
> same. OpenPGP cleartext-signing is a great example of this philosophy:
> it provides some observable utility (non-repudiation) even if the vast
> majority of one's email correspondents don't use PGP/GPG.

This is a classic T0 problem. If you throw in a hashcash receiver and it doesn't cost anything to configure or only takes a few minutes, then there is no "objection" to that system. What appears to be the most contentious is generating stamps. Any stamps. Without addressing that objection, we won't get off of T0.

(Insert hybrid sender pays rant here)

Since hybrid sender-pays can reduce the cost of generating stamps to almost nothing, and the DNS info propagation method proposed can reduce the cost of configuration down to almost nothing, all we need to do is prove that they will get something for nothing.

Bad jokes aside, we have the techniques. Adam is right, we need to do a little more analysis, but I've spent enough time with them that I'm convinced they are basically sound. We need to prove that it does no harm and that when adoption gets high enough with your partners, it provides benefit. Like I said before, first stage benefit is introducer, second stage benefit is ability to crank up the filters and make it harder for spammers to get through. The 1.5 stage benefit is that it doesn't make blacklists permanent; they are instead something that can be penetrated with enough work.

One way to prove the lack of damage is to run an e-mail service. Either on a per domain or a per account basis.

If you want to have something like OpenPGP cleartext signing, we could create the equivalent of a multipart MIME document in which one of the parts is a stamp section. Makes it visible, lets people know what's going on and makes it more difficult to parse on the backend (maybe). Another advantage to the multipart MIME document form is multi-part stamps: instead of having a single 24-bit stamp, you would use 16 20-bit stamps to reduce the variability of stamp search time from message to message.

One question would be what happens if you stamp a gpg signed document?

---eric
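
The multi-part stamp idea in the message above, worked through as an added example (not part of the original post and not hashcash's own code). It computes the expected work and spread for one 24-bit stamp versus 16 20-bit stamps, then measures the same effect with real SHA-1 searches at scaled-down sizes (one 10-bit versus 16 6-bit); the stamp string and resource names are constructed placeholders, not the hashcash stamp format.

```python
import hashlib
import math
from statistics import mean, pstdev

def analytic(k, bits):
    """Expected hash count and coefficient of variation (std/mean) for k stamps.

    Each stamp search is geometric with success probability p = 2**-bits,
    and the k searches are independent, so the variances add.
    """
    p = 2.0 ** -bits
    return k / p, math.sqrt((1 - p) / k)

def leading_zero_bits(digest):
    """Number of leading zero bits in a digest."""
    n = int.from_bytes(digest, "big")
    return len(digest) * 8 - n.bit_length()

def mint(resource, bits):
    """Count SHA-1 trials until a digest has at least `bits` leading zero bits.

    Simplified stamp string (assumption): "<resource>:<counter>".
    """
    counter = 0
    while True:
        counter += 1
        digest = hashlib.sha1(f"{resource}:{counter}".encode()).digest()
        if leading_zero_bits(digest) >= bits:
            return counter

def measure(k, bits, trials=300):
    """Empirical (mean, std/mean) of the total trials to stamp one message with k stamps."""
    costs = [
        sum(mint(f"msg{t}-part{i}-of{k}", bits) for i in range(k))  # constructed names
        for t in range(trials)
    ]
    m = mean(costs)
    return m, pstdev(costs) / m

if __name__ == "__main__":
    # Sizes from the message: same expected work, a quarter of the relative spread.
    print("1 x 24-bit :", analytic(1, 24))
    print("16 x 20-bit:", analytic(16, 20))
    # Scaled-down measurement with real hashing (same 16:1 ratio, 4 bits apart).
    print("1 x 10-bit :", measure(1, 10))
    print("16 x 6-bit :", measure(16, 6))
```

Both layouts cost 2^24 hashes on average, but the relative spread of the 16-stamp layout is 1/sqrt(16) of the single stamp's, which is the reduction in message-to-message variability the post refers to.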