1997-01-02 - Re: Hardening lists against spam attacks

Header Data

From: Bill Frantz <frantz@netcom.com>
To: cypherpunks@toad.com
Message Hash: 1379d707a3068af69d67514c56ccb39bbd9c5599ac3f64d2d8c97424fa6a9d1d
Message ID: <v0300780faef090ff3076@[199.182.128.36]>
Reply To: <199612312306.RAA00569@smoke.suba.com>
UTC Datetime: 1997-01-02 04:54:20 UTC
Raw Date: Wed, 1 Jan 1997 20:54:20 -0800 (PST)

Raw message

From: Bill Frantz <frantz@netcom.com>
Date: Wed, 1 Jan 1997 20:54:20 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: Hardening lists against spam attacks
In-Reply-To: <199612312306.RAA00569@smoke.suba.com>
Message-ID: <v0300780faef090ff3076@[199.182.128.36]>
MIME-Version: 1.0
Content-Type: text/plain


I guess from reading Scott McGuire's message I should have described the
posting procedure as well as the token issuing procedure.  Here is what you
do to post:

Poster writes the post and includes the token in the required place
(wherever that turns out to be).  Poster encrypts the message with the
list's secret key and sends it to the list.  Majordomo decrypts the
message, checks the token, and if the token check passes, sends the
plaintext of the message to the list members.

Important points:

(1) You do not need a secret key to post.  This feature allows you to post
from machines where you don't want to store your secret key ring.
(2) List members do not need PGP, only posters.
(3) People who want to post who can't due to local policy (e.g. no PGP)
have choices:
 (a) Get a real ISP and machine and become a first class citizen.
 (b) Send the post to someone who can post via private mail, explain
     the situation and ask to have it posted.

The principal reason for using PGP for posting is to protect the token from
theft.  I don't know a single-message, one-way protocol where a person can
show possession of a token without revealing it.  If there is such a
protocol, then PGP is no longer required.

David Molnar asks:
>In any case, what bogeyman are we worried about, anyway? Pseudonyms? This
>list is already full of 'em. That's nothing new. Forged messages? If you
>trust anything you read on the Internet...well.. Privacy? It's a public
>mailing list, and one which I have long respected for its tradition of
>openness and inclusion.
><casts nervous glance>

The bogeyman is flooding attacks which make the list server effectively
unavailable.  I have tried to preserve all the features he lists.


-------------------------------------------------------------------------
Bill Frantz       | Client in California, POP3 | Periwinkle -- Consulting
(408)356-8506     | in Pittsburgh, Packets in  | 16345 Englewood Ave.
frantz@netcom.com | Pakistan. - me             | Los Gatos, CA 95032, USA
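
Added example, not part of the original message: a keyed MAC over the post is one single-message, one-way construction in which the token is used but never sent, which is the property the message asks about. The names ListServer, sign_post and make_tag, the 16-byte nonce, the per-poster token id and the revoke step are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16  # assumed fixed length, so nonce || body parses one way only


def make_tag(token: bytes, nonce: bytes, body: bytes) -> bytes:
    """MAC keyed with the token; the token itself is never transmitted."""
    return hmac.new(token, nonce + body, hashlib.sha256).digest()


def sign_post(token: bytes, body: bytes):
    """Poster side: a fresh nonce per post, then the tag over nonce and body."""
    nonce = secrets.token_bytes(NONCE_LEN)
    return nonce, make_tag(token, nonce, body)


class ListServer:
    """Hypothetical list server holding one secret token per poster."""

    def __init__(self):
        self.tokens = {}   # token_id -> token bytes
        self.seen = set()  # (token_id, nonce) pairs already accepted

    def issue_token(self):
        token_id, token = secrets.token_hex(4), secrets.token_bytes(32)
        self.tokens[token_id] = token
        return token_id, token

    def revoke(self, token_id):
        """Cut off a poster whose token is being used to flood the list."""
        self.tokens.pop(token_id, None)

    def accept(self, token_id, nonce, body, tag) -> bool:
        token = self.tokens.get(token_id)
        if token is None or len(nonce) != NONCE_LEN:
            return False  # unknown or revoked token, or malformed post
        if not hmac.compare_digest(make_tag(token, nonce, body), tag):
            return False  # forged tag or altered body
        if (token_id, nonce) in self.seen:
            return False  # verbatim replay of a captured post
        self.seen.add((token_id, nonce))
        return True
```

Unlike the PGP procedure in the message, this leaves the post body unencrypted in transit and requires the server to keep a copy of each token.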






