[messaging] Message delivery and revocation in Pond etc

[Michael Rogers]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 03/04/14 23:57, Ximin Luo wrote:
>> In the scheme I suggested, the recipient would remember which 
>> contact each token had been issued to, so each junk message
>> would be attributable to either the contact to which the attached
>> token was issued, or the server - not any other contact.
>> 
> 
> Yes, my wording could have been better, this is a new concept to
> me. The attack might seem esoteric, but if we can do better, why
> take this risk? The server being hostile is a problem you don't
> want to be uncertain about, and without this property, every single
> junk message raises the question "maybe the server is hostile, or
> maybe not".

Ah, sorry, I misunderstood. Yes I agree that Trevor's scheme allows
spam to be attributed to the server after a single message, whereas
mine would require multiple messages. So Trevor's scheme is better.

But my misunderstanding has raised a question: in Pond, does the
recipient have some trapdoor information that the server doesn't have,
allowing the recipient to tell which contact made the group signature?

Cheers,
Michael
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBCAAGBQJTPeqUAAoJEBEET9GfxSfMJHkH/iEhUufPjqjmWii22s8zurQQ
Z0VXhBUQnWKIwup8BxHJKeMbxmTe3UQkWBwKuF9TTFl4KN26kXXDq3mZUNOvLgwu
/TReXRRq5Nwvs9AVM/Dz0/wLs0wbs41AbZcY+QTANCGvepGp8+rSX4r0K365nUdt
RykQq1kNDBek1lNcRk2lE2ok5Tz871LAKqYY9RFkxRyLmkiv+gAejuPaiujqBrx/
HQsORtRcWhGXMq5N7tabGWnWctiY/8gJl21S2Vco1FFA7RtUhIpSLxpQge/H7W+w
m4Peo1XWm15M2lU1ZGqkd8lAy1t99qwNhliQuwsmFrzRbqAJGtMghksGD28VDDg=
=UO77
-----END PGP SIGNATURE-----