> From: Valdis.Kletnieks@vt.edu > ... > The bootstrap problem will exist no matter what scheme we decide on. There are many spam solutions that do not have the bootstrapping problem. Examples include effective laws and honest intent and action by ISPs. Before saying those are hopeless, please note that the many bootstrap-limited proposals don't have proven prospects. > The point I was addressing was that there's been two major classes of > scheme proposed ... > However, the partitions created by each scheme are quite complementary, > ... Your observation of how those two solutions fit together is interesting...or would be if they did not suffer from other problems. > ... > > Moore's law causes a bunch of problems for the computing idea. ... > It may not be as big of a problem as we think. Rough back-of-envelope > calculations now: Let's say we assume a function X designed to take 10 > seconds of CPU on my laptop (which has a 1.6Gz P-4 in it) to limit it to 8K > messages/day. http://www.intel.com/home/desktop/pentium4/ suggests state of the commodity art is about twice that, which lets a spammer send 16K msgs/day. Moore's law is still a treadmill that you don't want to fight. > Now, this same function will take around 2 minutes on a 133mz > processor and be restricted to 800 mails/day. ... I would put the lower limit at around 48 MHz on 80486s, or ~8 times slower than a 133 MHz Pentium. Such machines go back less than 10 years. Would you expect your conservative correspondents to spend 15 minutes to send you a message, or would you just white-list them? Once you start white-listing, it's hard to have much enthusiasm for more fancier solutions. > Now how many people are still using a 133 system to do that much outbound mail > themselves (and *NOT* just relaying all outbound mail to a smarthost)? I think recent FreeBSD and sendmail would still work fine at 48 MHz, although you probably want to stuff the thing to the gills with 64 MByte of RAM, or more if it can take it. There are many computing tasks that don't need 3 GHZ and 3 GByte. Aren't busy smarthosts significantly busier than 80K msgs/day? >From my old experience, that was true even when they were running at less than 50 MHz and with perhaps 100 MByte. Besides, no matter what inmates of glass houses and big ISPs would have you think, SMTP is a peer-to-peer protocol. A major damage spam is doing is helping government commissars and ISP salescritters convince people that the ancient Compuserve/AOL/Prodigy/whatever dumb-terminal- connected-to-central-servers is the only way to do public networking and computing. And > even *MORE* to the point, what are the chances that a system that old will be > upgraded software-wise to support a scheme, even if it takes zero additional > CPU? ... Would you whitelist it for the next 10 years? If there are very few, white-listing works. If not, you've got that bootstrapping problem, and you've invited the white-listing camel into your tent. Vernon Schryver vjs@rhyolite.com