[108068] in Cypherpunks


CDR: Re: Idea to eliminate most spam on mailing lists [CP] (fwd)

daemon@ATHENA.MIT.EDU (Jim Choate)
Wed Feb 3 08:52:53 1999

From: Jim Choate <ravage@einstein.ssz.com>
To: cypherpunks@einstein.ssz.com
Date: Wed, 3 Feb 1999 07:30:44 -0600 (CST)
Reply-To: Jim Choate <ravage@einstein.ssz.com>


----- Forwarded message from Tom Vogt -----

Date: Wed, 03 Feb 1999 11:52:14 +0100
From: Tom Vogt <tv@wlwonline.de>
Subject: CDR: Re: Idea to eliminate most spam on mailing lists [CP]

actually, requiring all postings to be signed by a valid (see below) key
would be enough. that would a) eliminate most spam because of the
cost/effort ratio, b) authenticate messages while allowing for anonymity
(only your key would be known, so one would know which person wrote
which mails, but nothing about that person) and c) be even easier for
most people - a lot of mail clients already allow an option to
automatically sign all mails or some mails (like all going to
cypherpunks@cyberpass.net). it would also d) not require the publication
of a private key.

"valid" in this context would most likely mean that the majordomo knows
the key. this would require adding key-handling functionality to
majordomo, probably a new command saying "key follows".

----- End of forwarded message from Tom Vogt -----

So, where does the key come from?

There are two classes of key servers in this model:

1.	public key servers which will provide the key for a particular
	mailing list or service. It is obtained either prior to subscription
	or at time of subscription. In general the keys on the server can be
	gotten one at a time or batched. The key is the same for all users.

2.	private key generation which generates a unique key tied to a
	particular email address. It must be obtained through a specific
	service provider prior to or at time of subscription. It is up to
	the user to manage their keys.

Either of these approaches works *if the number of sites using them is low*
compared to the total number of sites. If either system gets very large then
it becomes unmanageable. In the first case it becomes economically worth
the spammer's time to vacuum all the public key servers. In the second the
number of keys (one for each newsgroup, irc channel, email account, etc.)
becomes very prohibitive to manage. There are also the additional support
costs on 2 which would be problematic. In neither case does the key
process provide anonymity of a higher level than non-key access; if it's a
public key then it's effectively no key at all, whereas if it's a private
key you have the operator of the service being able to tie the various
parties and keys together. In the second case, what happens when a user
loses their key? How are keys normally aged?


    ____________________________________________________________________

              There is a coherent plan in the universe, though
              I don't know what it's a plan for.

                                            Fred Hoyle

       The Armadillo Group       ,::////;::-.          James Choate
       Austin, Tx               /:'///// ``::>/|/      ravage@ssz.com
       www.ssz.com            .',  ||||    `/( e\      512-451-7087
                           -====~~mm-'`-```-mm --'-
    --------------------------------------------------------------------
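
An added sketch of the signed-posting gate proposed in the forwarded message (not code from this thread or from majordomo): the `ListGate` class, its `key_follows` method and the helper functions are hypothetical names. Toy textbook RSA stands in for the OpenPGP signatures a real list would verify, so that the sketch runs on the Python standard library alone.

```python
import hashlib

# Toy textbook-RSA signatures (no padding, small constructed keys): NOT secure,
# used only so the gate logic runs offline. A real list would verify OpenPGP.
E = 65537

def make_key(p, q):
    n = p * q
    return {"n": n, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(body, n):
    return int.from_bytes(hashlib.sha256(body.encode()).digest(), "big") % n

def sign(key, body):
    return pow(digest(body, key["n"]), key["d"], key["n"])

def fingerprint(n):
    return hashlib.sha256(str(n).encode()).hexdigest()[:16]

class ListGate:
    """Hypothetical list-server filter: only posts signed by a registered key pass."""
    def __init__(self):
        self.keys = {}  # fingerprint -> public modulus; no name or address is stored

    def key_follows(self, n):
        """The 'key follows' command: register a public key and return its id."""
        fp = fingerprint(n)
        self.keys[fp] = n
        return fp

    def accept(self, body, fp=None, sig=None):
        n = self.keys.get(fp)
        if n is None or sig is None:
            return False  # unsigned, or signed by a key the list has never seen
        return pow(sig, E, n) == digest(body, n)

def demo():
    alice = make_key(2**127 - 1, 2**89 - 1)    # constructed subscriber key
    mallory = make_key(2**107 - 1, 2**61 - 1)  # constructed key, never registered
    gate = ListGate()
    fp = gate.key_follows(alice["n"])
    post = "Re: Idea to eliminate most spam on mailing lists"
    spam = "BUY NOW"
    return {
        "signed": gate.accept(post, fp, sign(alice, post)),
        "unsigned": gate.accept(spam),
        "unknown_key": gate.accept(spam, fingerprint(mallory["n"]), sign(mallory, spam)),
        "tampered": gate.accept(post + " (edited)", fp, sign(alice, post)),
    }
```

The gate links posts to a key fingerprint only, which is the pseudonymity the forwarded message describes; how keys are issued, aged and replaced when lost is left open here, as it is in the reply.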

