Re: [Asrg] 3. Proof-of-work analysis
Jonathan Morton <chromi@chromatix.demon.co.uk> Wed, 19 May 2004 22:36 UTC
Received: from optimus.ietf.org (iesg.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA25616 for <asrg-archive@odin.ietf.org>; Wed, 19 May 2004 18:36:34 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BQZbM-0003fU-J1 for asrg-archive@odin.ietf.org; Wed, 19 May 2004 18:31:52 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i4JMVqLw014096 for asrg-archive@odin.ietf.org; Wed, 19 May 2004 18:31:52 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BQZVp-0001wE-R1 for asrg-web-archive@optimus.ietf.org; Wed, 19 May 2004 18:26:10 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA25069 for <asrg-web-archive@ietf.org>; Wed, 19 May 2004 18:26:05 -0400 (EDT)
Received: from ietf-mx.ietf.org ([132.151.6.1] helo=ietf-mx) by ietf-mx with esmtp (Exim 4.32) id 1BQZVm-0003A5-QR for asrg-web-archive@ietf.org; Wed, 19 May 2004 18:26:06 -0400
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1BQZUt-00034k-00 for asrg-web-archive@ietf.org; Wed, 19 May 2004 18:25:12 -0400
Received: from optimus.ietf.org ([132.151.1.19]) by ietf-mx with esmtp (Exim 4.12) id 1BQZUX-0002yV-00 for asrg-web-archive@ietf.org; Wed, 19 May 2004 18:24:49 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BQZK7-0004jE-Gt; Wed, 19 May 2004 18:14:03 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BQZCP-0007xA-L2 for asrg@optimus.ietf.org; Wed, 19 May 2004 18:06:05 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA23298 for <asrg@ietf.org>; Wed, 19 May 2004 18:06:01 -0400 (EDT)
Received: from ietf-mx.ietf.org ([132.151.6.1] helo=ietf-mx) by ietf-mx with esmtp (Exim 4.32) id 1BQZCM-0000vn-Pc for asrg@ietf.org; Wed, 19 May 2004 18:06:02 -0400
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1BQZBQ-0000qL-00 for asrg@ietf.org; Wed, 19 May 2004 18:05:05 -0400
Received: from chromatix.demon.co.uk ([80.177.102.173] helo=lithium.chromatix.org.uk) by ietf-mx with esmtp (Exim 4.12) id 1BQZAj-0000l6-00 for asrg@ietf.org; Wed, 19 May 2004 18:04:21 -0400
Received: from arowana.chromatix.org.uk ([192.168.239.106]) by lithium.chromatix.org.uk with esmtp (Exim 4.31) id 1BQZAi-0000Qx-0N; Wed, 19 May 2004 23:04:20 +0100
In-Reply-To: <j8075egWYyqAFA8T@highwayman.com>
References: <LV1hjGBSmTqAFAry@highwayman.com> <CB27C1AA-A8AB-11D8-B336-000393863768@chromatix.demon.co.uk> <mevaB4e60fqAFAu2@highwayman.com> <03A0F711-A929-11D8-B336-000393863768@chromatix.demon.co.uk> <j8075egWYyqAFA8T@highwayman.com>
Mime-Version: 1.0 (Apple Message framework v613)
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Message-Id: <7E9EC56E-A9E0-11D8-B336-000393863768@chromatix.demon.co.uk>
Content-Transfer-Encoding: 7bit
Cc: asrg@ietf.org
From: Jonathan Morton <chromi@chromatix.demon.co.uk>
Subject: Re: [Asrg] 3. Proof-of-work analysis
To: Richard Clayton <richard@highwayman.com>
X-Mailer: Apple Mail (2.613)
Content-Transfer-Encoding: 7bit
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/mail-archive/working-groups/asrg/>
Date: Wed, 19 May 2004 23:04:26 +0100
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org
X-Spam-Status: No, hits=0.0 required=5.0 tests=AWL autolearn=no version=2.60
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
>> As an example, Lancaster University provides a central UNIX-shell >> cluster for all students, among the services of which was the official >> e-mail system. Because it's a UNIX shell system, the mail is sent >> from >> the members of the cluster, not from the terminal used to log on. So, >> in theory, the Internet sees 10,000 students sharing three 4-way Sun >> workstations (this, at least, was what the configuration used to be). > > sorry, you're not counting hosts here, but MTAs. I have no global > figures on MTA populations to hand -- and I'm not sure if anyone else > has that sort of data On the contrary, I explicitly pointed out that the three physical machines involved were at least capable of running MUAs for up to 10000 students. The fact that the physical displays are scattered around the campus, and possibly the city to some extent, is irrelevant. The fact that many students use alternative e-mail systems is relevant, but a sufficiently high proportion do still use the UNIX shell. > looking at RIPE I see that Lancaster has 144.88.0.0/16 (as well as a > /20 > and some IPv6 space). You aren't allowed /16s with just 4 hosts, so > though I doubt that the 10K students are actually using 64K hosts, I > suspect that the ratio of people to hosts is somewhere near the overall > Internet average Most of the address space is taken by the labs and staff office computers. I purposefully left the staff (about 1000 or so) out of the population figure for that reason. It might also be reasonable to exclude the research students, as these often have assigned computers as well, but they are a relatively small section of the student population. FWIW, the bedroom LAN connections are behind a NAT system and do not contribute to the address space. My point is that there are a few systems that genuinely handle large numbers of users for e-mail. Web-mail systems and UNIX shells are probably the prime members of this group. I believe some vendors are actively pushing "thin client" systems, which would also fall into this category. >> And yes, I agree that this particular use-case is fairly pessimal in >> terms of proof-of-work scenarios. However, intra-campus >> communications >> are typically quite well-ordered, so (with careful management around >> the beginning of the academic year) it could still be possible to use >> the same three workstations in a proof-of-work world. > > we disagree --- unless of course you have in mind some sort of > composite > scheme where not all email carries a proof-of-work. ...which I do. I thought I'd made that clear. While I don't yet have a document describing exactly how it works, the essence is that high-value hashcash can be replaced by a low-value hashcash combined with a whitelisted signature. The signature is also included with high-value hashcash tokens so that whitelists can be built easily. The required hashcash value for return mail is indicated by another header. I don't have any strong opinion on how the whitelist should be built - that's a matter between the recipient and their MUA. In the case of Lancaster University, each student could be given a default whitelist upon enrolment that included various campus-wide and departmental mailing lists, along with relevant professors and admin staff. Study groups, friends, relatives, and clubs could then be added in the normal way. > Adam's point about latency times in sending any email that did need a > proof-of-work calculation is one that should cause pause for thought > -- that pause being several times longer that the calculation itself > :) Right. Sending latency is not really a problem for end-users with always-on connections, but it could easily be for a dial-up user, or for an e-commerce system. Some proof-of-work schemes - including hashcash - can precompute a token from the moment the recipient list is known, which might overlap the time the user spends creating the message. Even so, it's clear that an (on average) hour-long computation is going to be unacceptable - for one thing, it would drain up to half a typical laptop's battery. Ten minutes is probably pushing it, too, though it's still possibly acceptable. I consider 60 seconds to be the practical upper limit, and *that* has to fit into the midrange machines from a couple of years ago, which are still in common use. > 60 seconds implies that you limit people to 1440 emails per day. If you > look again at the paper you will see that at this level the spammers > who > use zombies would be restricted to only about 5% of current activity > (ie > the solution would perceptually be no better than filtering) or > alternatively (if you think spammers will purchase kit to do the proof- > of-work sums "legitimately") you are forcing the price of spam up to > around 0.1 cents/email -- which is not sufficient to remove a lot of > topics from our mailboxes. Reducing the capacity of the zombie network is bound to be worthwhile. I would also suggest that victims are more likely to notice their infected machine if it has high CPU usage than if it has high network usage. I would also suggest that 0.1c per mail would make for less frivolity than the present 0.001c per mail. Your paper says that 0.1c/mail was used by spammers as a price in the past. The pertinent question is: how far in the past, and what were the spamming levels like back then? > To get the work factor high enough to have an impact, you need to be > thinking in terms of an hour or so :( Strongly disagree. To make an impact, the worst-case I can think of would demand about a minute of work on average, and I would hope we could work with less. Your idea of "make an impact", however, seems to be equivalent to our idea of "virtually eliminate the problem single-handed". My idea of "make an impact" starts from "prevent the problem from getting even worse than at present" and works from there. -------------------------------------------------------------- from: Jonathan "Chromatix" Morton mail: chromi@chromatix.demon.co.uk website: http://www.chromatix.uklinux.net/ tagline: The key to knowledge is not to rely on people to teach you it. _______________________________________________ Asrg mailing list Asrg@ietf.org https://www1.ietf.org/mailman/listinfo/asrg
- [Asrg] 3. Proof-of-work analysis Richard Clayton
- Re: [Asrg] 3. Proof-of-work analysis Barry Shein
- Re: [Asrg] 3. Proof-of-work analysis Seth Breidbart
- Re: [Asrg] 3. Proof-of-work analysis der Mouse
- RE: [Asrg] 3. Proof-of-work analysis Hallam-Baker, Phillip
- Re: [Asrg] 3. Proof-of-work analysis Seth Breidbart
- Re: [Asrg] 3. Proof-of-work analysis Jonathan Morton
- Re: [Asrg] 3. Proof-of-work analysis der Mouse
- Re: [Asrg] 3. Proof-of-work analysis Alan DeKok
- Re: [Asrg] 3. Proof-of-work analysis Richard Clayton
- Re: [Asrg] 3. Proof-of-work analysis Alan DeKok
- Re: [Asrg] 3. Proof-of-work analysis der Mouse
- Re: [Asrg] 3. Proof-of-work analysis Jonathan Morton
- RE: [Asrg] 3. Proof-of-work analysis grsa
- RE: [Asrg] 3. Proof-of-work analysis Bill Cole
- Don't blame the list, blame me (was RE: [Asrg] 3.… Bill Cole
- RE: [Asrg] 3. Proof-of-work analysis Bill Cole
- [Asrg] Re: 3. Proof-of-work analysis Adam Back
- Re: [Asrg] 3. Proof-of-work analysis Richard Clayton
- [Asrg] Re: 3. Proof-of-work analysis Adam Back
- Re: [Asrg] 3. Proof-of-work analysis Tony Finch
- Re: [Asrg] 3. Proof-of-work analysis Seth Breidbart
- Re: [Asrg] Re: 3. Proof-of-work analysis Jonathan Morton
- Re: [Asrg] Re: 3. Proof-of-work analysis Barry Shein
- Re: [Asrg] 3. Proof-of-work analysis Jonathan Morton
- [Asrg] Re: 3. Proof-of-work analysis Philip Miller
- Re: [Asrg] 3. Proof-of-work analysis Jon Kyme
- Re: [Asrg] Re: 3. Proof-of-work analysis Mark Baugher
- [Asrg] Re: 3. Proof-of-work analysis Adam Back
- Re: [Asrg] 3. Proof-of-work analysis Richard Clayton
- Re: [Asrg] Re: 3. About hashcash v1 (was: Proof-o… Jonathan Morton
- [Asrg] Re: 3. Proof-of-work analysis Adam Back
- Re: [Asrg] Re: 3. Proof-of-work analysis william(at)elan.net
- Re: [Asrg] Re: 3. Proof-of-work analysis Richard Clayton
- Re: [Asrg] Re: 3. Proof-of-work analysis Richard Clayton
- Re: [Asrg] Re: 3. Proof-of-work analysis william(at)elan.net