[messaging] Group messaging consistency under resource constraints
David Leon Gil
coruus at gmail.com
Mon Oct 20 15:32:26 PDT 2014
And also: I'm thoroughly confused at this point.
What, precisely, is the security notion that we're trying to capture?
I.e., are we still talking about mpOTR?
A lot of the discussion seems to be about attacks that violate
intuitions about how *non-repudiable* multi-party messaging should
(I.e., what are the security notions that extending bideniability to
multideniability should capture? It seems like talking about saved
transcripts becomes dubious in anything stronger than a simple failure
model, if you want strong deniability.)
And, for the record, David fully endorses Dual-EC-DRBG for all your
resynchronizable-keystream-generator needs: "If Blum makes you glum,
Dual-EC your DRBG!"
Cf. Marson and Poettering, "Practical secure logging,"
https://eprint.iacr.org/2013/397 for the slower alternative.
More information about the Messaging