use Perl

• Authentication is bad ... (Score:1)

  by drhyde (1683)

  ... because there are perfectly legitimate reasons to want to send mail anonymously or from a throw-away account. For example, I might want to send mail to a corporation criticising their customer service, but not want them to have my real address anywhere on file. Or I might want to ask a question about my embarrassing disease on a mailing list. Or a question about an area I'm meant to be an expert in, and I'm afraid my employer might fire me if they find my post in the list archives.

  No, the way to st
  • Re:Authentication is bad ... (Score:1)

    by iburrell (4155)

    Calculating the signature wouldn't be a difficult problem that takes 30 seconds to calculate. But it would slow sending email down a little. An important feature of the system would have to be that something is calculated for every single recipient address. Also, there would have to be a mechanism that prevents calculating the signatures in advance. Perhaps the receiving servers sends a nonce that must be included in the signature.
    • Re:Authentication is bad ... (Score:1)

      by drhyde (1683) on 2003.10.16 15:28 (#24932) Homepage Journal

      The hashcash FAQ is here [hashcash.org].

      Reply to This

      Parent

      • Re:Authentication is bad ... (Score:1)

        by iburrell (4155)

        I was thinking about using something similar for the authentication of sending to recipients. One lack of that scheme is that it doesn't include the sender in the calculation. It still allows forging the sender address. I was also thinking about having the receiving server send a nonce that need to be included in the calculation. This makes it difficult to precomputer

        One reason to put the authentication in the SMTP protcol is that the sender and recipient addresses are well defined there. Email clie