-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Roy M.Silvernail (2003-05-13 04:52Z) wrote:
On Monday 12 May 2003 07:09 pm, Joseph Ashwood wrote:
That one's easy. Use a problem that is not in P but is in NP. To make it clearer to most people, use a problem that can be verified cheaply, but that can't be solved cheaply.
Please permit me to join the dense crowd. Now that I've proved my labor, how do I attach the proof to the email? Obviously, some parts of the message are added to a hash, but which parts? If it's the body, is whitespace damage still an issue?
The message-id would need to be included. Lots of people filter duplicate messages, and those who don't probably should. If spammers try to replay, their duplicates get dropped. If they don't reply using the same message id, they're forced to regenerate hashcash tokens. Using duplicate message ids is an RFC violation, and just using those in the hash avoids the complication of mangled message bodies. It also gets rid of idiot MUAs which don't include message ids. The mess seems to occur when considering how to verify that that particular message, with a particular message id, wasn't bcc'd to) to 10 billion other people. How do you determine whether a Delivered-To header, if a mail server was even nice enough to indicate which envelope to: address it used in the history of a message instance, indicates a mailing list or an individual? How do you know whether any hashcash token that may have been generated based on a particular envelop to: address is valid or corresponds to a delivery list with so many people that the hashcash should be invalidated and whitelisting required? If envelope to: addresses are not each required to have separate hashcash tokens, doesn't the whole scheme fall apart? I don't know that including a Date: header in the hash improves the situation. - -- Freedom's untidy, and free people are free to make mistakes and commit crimes and do bad things. They're also free to live their lives and do wonderful things. --Rumsfeld, 2003-04-11 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2rc2 (GNU/Linux) iEYEARECAAYFAj7BMzQACgkQnH0ZJUVoUkPPcwCgyznLWmSJjLLjqc+N8QTRkahx NIQAn2EtKQE32V5XfS6sXWtu0JeegZll =nBxD -----END PGP SIGNATURE-----