[15458] in cryptography@c2.net mail archive
Re: The future of security
daemon@ATHENA.MIT.EDU (Anton Stiglic)
Wed May 26 11:19:08 2004
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: "Anton Stiglic" <astiglic@okiok.com>
To: "Steven M. Bellovin" <smb@research.att.com>,
"Ian Grigg" <iang@systemics.com>
Cc: "Graeme Burnett" <rgb@enhyper.com>, <cryptography@metzdowd.com>
Date: Wed, 26 May 2004 09:30:46 -0400
----- Original Message -----
From: "Steven M. Bellovin" <smb@research.att.com>
To: "Ian Grigg" <iang@systemics.com>
Cc: "Graeme Burnett" <rgb@enhyper.com>; <cryptography@metzdowd.com>
Sent: Tuesday, May 11, 2004 11:36 AM
Subject: Re: The future of security
> In message <409ACFC7.6050407@systemics.com>, Ian Grigg writes:
> > Security architects
> >will continue to do most of their work with
> >little or no crypto.
>
> And rightly so, since most security problems have nothing to do with
> the absence of crypto.
> >
> >j. a cryptographic solution for spam and
> >viruses won't be found.
>
> This ties into the same thing: spam is *unwanted* email, but it's not
> *unauthorized*. Crypto can help with the latter, but only if you can
> define who is in the authorized set of senders. That's not feasible
> for most people.
Something like hashcash / client puzzles / Penny Black define a set
of authorized email (emails that come with a proof-of-work), and then
provide a cryptographic solution. This is not a full-proof solution (as
described in the paper Proof-of-Work Proves Not to Work),
but a good partial solution that is probably best used in combination
with other techniques such as white-lists, Bayesian spam filters , etc...
I think cryptography techniques can provide a partial solution to spam.
--Anton
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
