The future of security

Anton Stiglic astiglic at
Wed May 26 09:30:46 EDT 2004

----- Original Message ----- 
From: "Steven M. Bellovin" <smb at>
To: "Ian Grigg" <iang at>
Cc: "Graeme Burnett" <rgb at>; <cryptography at>
Sent: Tuesday, May 11, 2004 11:36 AM
Subject: Re: The future of security 

> In message <409ACFC7.6050407 at>, Ian Grigg writes:
> > Security architects
> >will continue to do most of their work with
> >little or no crypto.
> And rightly so, since most security problems have nothing to do with 
> the absence of crypto.
> >
> >j.  a cryptographic solution for spam and
> >viruses won't be found.
> This ties into the same thing:  spam is *unwanted* email, but it's not 
> *unauthorized*.  Crypto can help with the latter, but only if you can 
> define who is in the authorized set of senders.  That's not feasible 
> for most people.

Something like hashcash / client puzzles / Penny Black define a set
of authorized email (emails that come with a proof-of-work), and then
provide a cryptographic solution.   This is not a full-proof solution (as
described in the paper Proof-of-Work Proves Not to Work), 
but a good partial solution that is probably best used in combination
with other techniques such as white-lists, Bayesian spam filters , etc...

I think cryptography techniques can provide a partial solution to spam.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list