[messaging] Recognizing senders of metadata-hidden messages
Jeff Burdges
burdges at gnunet.org
Tue Jul 28 13:42:27 PDT 2015
On Tue, 2015-07-28 at 20:45 +0200, Jeff Burdges wrote:
> p.s. There is a "trivial" S0 M0 R0 Rev0 delivery scheme in which all
> connections remain "dialed" in that the mailbox number for that
> particular pair of contacts is derived from a hash of the previous
> axolotl round's rootkey, similarly to how pond derives the encryption
> key for the axolotl header. This is delivery authentication in the
> sense that you'll never bother to check a mailbox that does not
> already belong to you. And mailboxes move all the time. This scheme
> does not scale. And it does not protect the server from DoS either.
Oops, M0 doesn't exactly apply here, as you'd frequently send a couple
messages to the same box. Instead, it has an M-like property that
applies equally to sender and recipient, making it stronger than M0 in
practice.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20150728/18ef3f78/attachment.sig>
More information about the Messaging
mailing list