cryptographic whitelist tokens (Re: economics of spam)

Adam Back adam at cypherspace.org
Fri May 16 13:33:49 EDT 2003 

On Thu, May 15, 2003 at 03:10:58PM -0000, John R. Levine wrote:
> [...] Spammers, not being entirely stupid, will start sending spam with
> return addresses that they guess are on your whitelist.  
> [...]
> Sure, you could fix that problem by putting cryptographically
> verifiable signatures on all mail, but we all know how likely that is.

CAMRAM (http://www.camram.org) uses signatures to indicate white
listing.  (Each mail sent with hashcash is also sent with a signature
public key, and if the recipient chooses to respond (I think) then
they accept the signature public key and will accept future messages
for that user signed with that key.)

So while signing mails is generally bad in my view (for privacy and
unintended non-repudiation reasons), you don't have to sign the whole
mail only the sender, recipient pair.

I also suggested to CAMRAM using a MAC instead of a signatures, where
users introduce themselves to each other using hashcash, and include a
whitelisting MAC on the sender recipient pair, if the recipient
chooses to reply he need only include that token.

One advantage of signatures is that they can be safey verified by 3rd
parties (such as MTAs) just by storing the signature keys; where as
with MACs the MTA would have to store the whole MAC as it passes (or
the user has to give his MAC key to the MTA, and risk that the MTA can
forge white list tokens for him).

The MAC-based whitelist could also be implemented with a key held by
the MTA purely at the MTA based on users exchanging emails.

I would argue MACs are simple, much faster to verify, and safely
implemented at the verification point by having the verification point
own the key (verification point being either MTA or recipient).


So you comment 

> Sure, you could fix that problem by putting cryptographically
> verifiable signatures on all mail, but we all know how likely that is.

So on the deployment side: bear in mind that what ever cryptographic
token you use to implement white lists in this scheme (CAMRAM, or
other), it has the same deployment vector as hashcash, and so has
exactly the same chance of deployment that it does.

Adam

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list