[messaging] Introduction secrets and "unlinkable rendezvous" protocols

Brian Warner warner at lothar.com
Mon Feb 17 23:56:57 PST 2014

On 2/15/14 4:50 PM, Trevor Perrin wrote:

> Here's a better sketch of the "DH rendezvous" idea, fwiw.

I like it, especially the way it removes the need for a single global
mutable rendezvous server. It's much easier to set up a single global
*immutable* publishing system.

> During an offline meeting, users would exchange their long-term
> fingerprints. They would then enter the other party's fingerprint into
> their app, which would perform some pre-rendezvous steps:
>  - Retrieve the other party's introduction cert by querying one of the
>    mirrors.

Would that require some sort of PIR protocol? Seems like the mirrors
could learn who's interested in whom at about the same time, and thus
deduce the connection.


More information about the Messaging mailing list