[cap-talk] can one use capabilities to stop spam without identity?
Patroklos Argyroudis
argp at cs.tcd.ie
Sun Jan 21 09:43:09 CST 2007
On Sun, Jan 21, 2007 at 01:52:48PM +0100, Matej Kosik wrote:
>
> Such a scenario is possible but I do not see how it could shield Bob
> from spammers. Spammers can create a script that create zilion
> identities and send Bob zilion different requests for capabilities to
> writing to him. This would not help Bob because
> - if he grants them, he will receive zilion messages and then he must go
> though them and sort useful from useless and one by one revoke those
> issued capabilities.
> - if he does not grant them, then he lives in its own closed world. This
> is very simple but makes the system unusable.
A possible solution could be a web-of-trust or friend-of-a-friend
based algorithm that automatically grants capabilities to requesters
that can be a) reached from the recipient's (Bob in your example)
trusted set and b) authenticated. Open issues? Sure, many. For
example, bootstrapping and maintenance of the trusted set, and privacy
violations with making this set public (to allow the operation of the
algorithm).
> The book sketches a scheme similar to a web of trust in which anyone can
> build its own identity/ies.
I have to get Earthweb! :)
Regards,
--
Patroklos Argyroudis
http://ntrg.cs.tcd.ie/~argp/
More information about the cap-talk
mailing list