[messaging] Reduce identity key exposure in Pond
mail at bharr.is
Mon Mar 30 23:01:43 PDT 2015
On 31 March 2015 at 13:43, Trevor Perrin <trevp at trevp.net> wrote:
> You're also adding a security property that the server's in position
> to violate. An alternative would be for Alice to create separate Pond
> identities when she wants to communicate under different, unlinkable
> pseudonyms. This gives her the possibility of keeping these
> identities unlinked even from the server, so it's arguably a better
> solution for this problem.
A third alternative is to drop the <id> and have the server try to validate
the MAC with all the posibilities - the server is still in the position to
violate this too.
Making it easy to create and manage Pond identities sounds like the best
way to go.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Messaging