another off-list reply to ASRG discussion

On Tue, Nov 18, 2008 at 5:32 AM, John Levine wrote:
>>>> It kills this model dead at any interesting message volume.
>>
>>True for central authority of crypto cookies, or highly complex algorithms
>>that require significant CPU resources, but what if recipients issued and
>>tracked their own "crypto cookies" (stamps) that senders could obtain in a
>>standard automated method?
>
> You're suggesting that each sender has to negotiate with each recipient
> before it can send mail? Man, if there's a faster way to kill e-mail,
> I don't know what it is.

The negotiation can be made automatic. Modems negotiating transport speed at the beginning of the connection certainly didn't kill dial-up service.

>>overhead. The recipient would need to balance their risk of accepting
>>duplicate cookies with the amount of resource they wanted to dedicate to
>>generating unbreakable cookies.
>
> The issue isn't counterfeit stamps, it's real stamps being used more
> than once. The only way we know to prevent double spending is to have
> a bank that remembers which ones have been spent and cancels them in
> real time as requests come in. That turns out to be an extremely
> difficult database problem, high speed consistent updates. We have to
> assume that spammers will be as hostile as possible, so they'd buy a
> hundred stamps, than mailbomb you with a hundred thousand messages,
> each of which had one of the hundred genuine stamps.

And that is why bearer stamps won't work. Skipping the bearer process however and having a central accounts database where trusted participating MTAs connect to for the high speed consistent updates is less complex and is a standard scalability problem simpler than current credit card authorization infrastructure. Yes, universal adoption will require a big central installation.

previous - next