At 11:52 PM 05/12/2003 -0500, Roy M.Silvernail wrote:
On Monday 12 May 2003 07:09 pm, Joseph Ashwood wrote:
That one's easy. Use a problem that is not in P but is in NP. To make it clearer to most people, use a problem that can be verified cheaply, but that can't be solved cheaply.
Please permit me to join the dense crowd. Now that I've proved my labor, how do I attach the proof to the email? Obviously, some parts of the message are added to a hash, but which parts? If it's the body, is whitespace damage still an issue?
The obvious mechanisms for including it are a header line, X-Hashcash-Version-1212: 0x20A13490B8219048243 which is easy pretty easy for almost anybody to add. You could also do an ESMTP extension of some sort, which is much more annoying to add, but lets you reject non-hashcashed messages before receiving them. (The ESMTP approach also has the problem that it's only useful for direct connections, as opposed to mail relayed through your ISP, so that probably isn't as interesting.) Some of the hashcash proposals have required near-real-time interaction between the sender's client and the recipient's server, to collect the string of the day or string of the moment, which has privacy/anonymity problems, while others either use a fixed or slowly changing parameter set, e.g. find a string that matches the first N bits of the SHA1 of recipient@example.com-YYYYMMDDHH or recipient@example.com-YYYYMMDDHH-KEYPHRASE So the recipient's mail server or client looks for the X-Hashcash string, makes sure it isn't recipient@example.com-YYYYMMDDHH-KEYPHRASE, hashes it and makes sure that the number matches, and you're good to go.