Payments as an answer to spam

Ian Grigg iang at systemics.com
Wed May 14 12:21:44 EDT 2003


Anton Stiglic wrote:
> 
> ----- Original Message -----
> From: "Ian Grigg" <iang at systemics.com>
> 
> > As a footnote from economics, it is considered
> > a bad thing to create a monetary system that
> > bases its scarcity on destruction of assets.
> > Such schemes are expected to be dominated by
> > schemes that achieve the same effect but
> > manage to conserve their assets.
> >
> > This applies to hashcash (c.f. Adam B.) or
> > those various hash collision schemes of
> > tokenising money (c.f. Ron R?).  Pretty
> > much all of these schemes can be done more
> > practically just by doing plain-old-digital-
> > signatures (PODS?).
> 
> I don't agree with that point.  PODS implies
> PKI, which is not easy at all.  That's the
> beauty of schemes like hashcash, they need
> very little administration overhead.

I'd disagree with that.  PODS may
imply a centralised server architecture
(but, IMHO, so do payments).  But it
doesn't imply PKI.  Certs imply PKI.
One can do a perfectly good payment
system with PODS, and without PKI.

I'm not actually sure it is possible to
do a good payment system *with* PKI.
I'd suspect too much mass above the
waterline for ultimate stability.

Certainly hashcash has no centralised
component, which makes it better on
that point.  But, it doesn't raise
money.  Those points need to be taken
in balance.  Money makes a centralised
server workable, as it's paid for.  More
money makes more centralised servers,
so scalability is covered too (crudely
speaking).

> > The real issue with propagating any such
> > mail payment scheme (whether destructive or
> > conservative of value) becomes one of client
> > ease.  Most all mail clients have trouble
> > understanding new conventions.
> 
> Non-interactive Hashcash can be implemented
> completely transparently from the regular user's point
> of view.  PODS can't, if you want to protect
> your private key, you need to request a smart card
> or at least a passphrase;  Unless
> you have an option "don't ask for my passphrase
> again" like they have in Windows, see P. Gutmann's
> paper "Where do your encryption keys want to go
> today?".

Sure, there are those issues.

> > To look at it from an experience pov, if we
> > could adjust mail protocols and clients easily
> > enough to add a mail payment scheme, then we
> > could have done the same to add crypto for
> > privacy purposes.
> 
> It already is integrated in mail clients.  Outlook is
> probably the most used MUA, and it implements
> S/MIME.  PGP has plugins for several MUAs.
> There are free plugins based on GPG.
> What prevents widespread use of the
> crypto implemented in these MUA is PKI
> "I don't want to bother getting a certificate from
> Verisign..."

So your point would be ... "let's strip
PKI out of email crypto and then it would
work?"  No arguments from this side :-)

> > Institutionally speaking, we (as an Internet)
> > have failed to deploy widespread crypto mail
> > in a lethargic and non-aggressive environment.
> > It's a bit hard to see how to deploy a mail
> > payment scheme when we are doing so against
> > the interests of an active, aggressive, funded
> > and smart enemy.
> 
> Implementationally speaking :), I don't see hashcash
> as having the same problems, at all.
> Have Microsoft integrate it in their MUA
> and it's a done deal (hopefully in a standard way
> of course, so that others can be compatible...).


Speaking any which way, a scheme which
relies on "Have Microsoft integrate it ..."
is dead in the water.  In practice, I think
we are both agreed that deployment of such
a protocol remains an unsolved problem!


> The only question that remains for me is if Hashcash-
> like schemes will really frustrate spammers, so
> the question is if it's worth to integrate it.

Many people think spammers will find a way,
and the problem with Hashcash is that it is
hard to test in the small.  If you and I
follow the protocol, it means nothing to
the spammers.

-- 
iang

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


