[Cryptography] Good private email

Ray Dillinger bear at sonic.net
Mon Aug 26 14:54:32 EDT 2013 

On 08/26/2013 10:39 AM, Jerry Leichter wrote:
> On Aug 26, 2013, at 1:16 PM, Ray Dillinger <bear at sonic.net> wrote:

>> Even a tiny one-percent-of-a-penny payment
>> that is negligible between established correspondents or even on most email
>> lists would break a spammer.

> This (and variants, like a direct proof-of-work requirement) has been proposed
> time and again in the past.  It's never worked, and it can't work, because the
> spammers don't use their own identities or infrastructure - they use botnets.
> They don't care what it costs (in work or dollars or Bitcoins) to send their
> message, because they aren't going to pay it - the machine they've taken over
> is going to pay.

Possible, but Doubtful.  The bitcoin "wallet" is extraordinarily secure
as software goes. Once you've chosen a keyphrase, It NEVER gets saved in
decrypted form to the disk, and even in the client software, cannot be
decrypted except by explicit command and will not remain in memory for more
than a few seconds in decrypted form. Furthermore, the client software
does not invoke other programs (like Word or other scriptable attack
vectors) under any circumstances.  Furthermore any "extensions" like
clickable URLs in messages or javascript execution etc or other methods
by which external possibly non-secure applications could start up with
information from inside the client would be soundly rejected as
untrustworthy extensions.  People design for and demand an altogether
different level of security when you're talking about their own money,
and handle the "complexities" of key management with no difficulty.

In short, no possibly naive user could convince the developers to do
the stupid things that email clients do for coolness or convenience in
the context of a financial client.

If there were a vulnerability or exploit discovered that allowed a spammer
to take control of a bitcoin account, it would be regarded as a MAJOR
DISASTER by the community and prompt a fix within minutes, not hours
days or months as is the case with "mere" email clients.

Consider that *every* *last* *developer* stands to lose at least
thousands or tens of thousands of dollars of real, personally owned
money if confidence in the network falters.  In some cases literally
millions.  This is not some hypothetical loss to "the company" that
they can be ordered to do by some boss even though they think it's
a bad idea, nor some hobby that they can allow to fall by the wayside;
these people are deeply and very literally invested in the security
of the code, and flatly will refuse to do anything that might
compromise it.

If some company did issue a client with security holes, the usual
shrink-wrap "not liable" crap would be completely unacceptable, the
lawsuit exposure would be somewhere in the trillions of dollars,
and the legal costs to even try to defend a mealymouthed claim of
"not liable because of our shrink wrap license" from the resulting
firestorm would probably break the company.  There are *dozens*
of serious, litigous, investors who hold millions of dollars in
bitcoin these days, including, among others, the Winkelvoss
brothers who spent ten years or more pursuing their infamous
Facebook lawsuit.  Even if you win that legal fight you're going
to lose.

The fact that the client is also highly usable is an excellent example
of interface design.

				Bear

More information about the cryptography mailing list