[13317] in cryptography@c2.net mail archive
Re: Payments as an answer to spam
daemon@ATHENA.MIT.EDU (Dan Geer)
Sat May 17 18:52:19 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
To: "Eric S. Johansson" <esj@harvee.org>
Cc: cryptography@metzdowd.com
In-reply-to: Your message of "Fri, 16 May 2003 14:04:37 EDT."
<3EC52835.902@harvee.org>
Date: Sat, 17 May 2003 17:07:55 -0400
From: Dan Geer <geer@world.std.com>
> ... snip ...
> good analysis. It's the classic reason why any payment system is
> cursed as an antispam system. That latency between value retrieval
> and propagation of that status is the real killer. As you point
> out, a secondary killer is the number of queries one needs to make
> against a coin/stamp/check verifier.
> ... snip ...
Noting the close similarity between spam and denial of service,
it is worth remembering that there is a fundamental tradeoff
between authorization requirements and vulnerability to DoS
in that the work factor I can impose on you is proportional
to the amount of labor I can cause you to voluntarily perform
before you can make your GO/NOGO decision on my authorization
for further service. Adding work factor the better to ensure
that no unauthorized services are performed paradoxically
increases your vulnerability to DoS in that I can ask for
that pre-authz work to be done as often as I like.
--dan
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
