The future of security
Anton Stiglic
astiglic at okiok.com
Wed May 26 09:30:46 EDT 2004
----- Original Message -----
From: "Steven M. Bellovin" <smb at research.att.com>
To: "Ian Grigg" <iang at systemics.com>
Cc: "Graeme Burnett" <rgb at enhyper.com>; <cryptography at metzdowd.com>
Sent: Tuesday, May 11, 2004 11:36 AM
Subject: Re: The future of security
> In message <409ACFC7.6050407 at systemics.com>, Ian Grigg writes:
> > Security architects
> >will continue to do most of their work with
> >little or no crypto.
>
> And rightly so, since most security problems have nothing to do with
> the absence of crypto.
> >
> >j. a cryptographic solution for spam and
> >viruses won't be found.
>
> This ties into the same thing: spam is *unwanted* email, but it's not
> *unauthorized*. Crypto can help with the latter, but only if you can
> define who is in the authorized set of senders. That's not feasible
> for most people.
Something like hashcash / client puzzles / Penny Black define a set
of authorized email (emails that come with a proof-of-work), and then
provide a cryptographic solution. This is not a full-proof solution (as
described in the paper Proof-of-Work Proves Not to Work),
but a good partial solution that is probably best used in combination
with other techniques such as white-lists, Bayesian spam filters , etc...
I think cryptography techniques can provide a partial solution to spam.
--Anton
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list