Payments as an answer to spam

Anton Stiglic astiglic at okiok.com
Tue May 13 15:53:16 EDT 2003 

----- Original Message ----- 
From: "Ian Grigg" <iang at systemics.com>

> As a footnote from economics, it is considered
> a bad thing to create a monetary system that
> bases its scarcity on destruction of assets.
> Such schemes are expected to be dominated by
> schemes that achieve the same effect but
> manage to conserve their assets.
> 
> This applies to hashcash (c.f. Adam B.) or
> those various hash collision schemes of
> tokenising money (c.f. Ron R?).  Pretty
> much all of these schemes can be done more
> practically just by doing plain-old-digital-
> signatures (PODS?).

I don't agree with that point.  PODS implies
PKI, which is not easy at all.  That's the
beauty of schemes like hashcash, they need
very little administration overhead.

> The real issue with propagating any such
> mail payment scheme (whether destructive or
> conservative of value) becomes one of client
> ease.  Most all mail clients have trouble
> understanding new conventions.

Non-interactive Hashcash can be implemented 
completely transparently from the regular users point 
of  view.  PODS can't, if you want to protect
your private key, you need to request a smart card 
or at least a passphrase;  Unless
you have an option "don't ask for my passphrase
again" like they have in Windows, see P. Gutmann's 
paper "Where do your encryption keys want to go 
today?".

> To look at it from an experience pov, if we
> could adjust mail protocols and clients easily
> enough to add a mail payment scheme, then we
> could have done the same to add crypto for
> privacy purposes.

It already is integrated in mail clients.  Outlook is 
probably the most used MUA, and it implements 
S/MIME.  PGP has plugins for several MUAs.
There are free plugins based on GPG.
What prevents widespread use of the 
crypto implemented in these MUA is PKI
"I don't want to bother getting a certificate from 
Verisign..."

> Institutionally speaking, we (as an Internet)
> have failed to deploy widespread crypto mail
> in a lethargic and non-aggresive environment.
> It's a bit hard to see how to deploy a mail
> payment scheme when we are doing so against
> the interests of an active, aggressive, funded
> and smart enemy.

Implementationally speaking :), I don't see hashcash 
as having the same problems, at all.  
Have Microsoft integrate it in their MUA
and it's a done deal (hopefully in a standard way 
of course, so that others can be compatible...).

The only question that remains for me is if Hashcash-
like schemes will really frustrate spamers, so 
the question is if it's worth to integrate it.

--Anton


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list