[messaging] Message delivery and revocation in Pond etc

Michael Rogers michael at briarproject.org
Thu Apr 3 12:50:52 PDT 2014


On 03/04/14 19:02, Trevor Perrin wrote:
> I think you want signatures for garbage messages which fail
> end-to-end authentication but could be used to fill the recipient's
> mailbox with junk.

I don't see how the recipient's mailbox could be filled with junk by
anyone except the server. Anyone else would need a token to submit a
message; tokens are only issued to authorised senders, and the number
of tokens in circulation is controlled by the recipient, so it can be
kept within the capacity of the mailbox.

> With signatures a recipient can attribute a garbage message to a
> particular sender, or to the server (if the message can't be
> attributed to a sender, e.g. bad signature).

Hmm, good point. How about this: the recipient gives random tokens to
authorised senders, and the hashes of the tokens to the server. Now
the server can only send a message by dropping a submitted message and
stealing its token. If the recipient receives a junk message with a
valid token then either the sender sent a junk message, or the server
dropped a submitted message and stole its token.

If we trust the server not to drop submitted messages (which I think
we must under any scheme) then this works as far as I can see -
without requiring group signatures.

Cheers,
Michael

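The hashed-token scheme proposed in the message above, as an added sketch that is not part of the original post or of Pond's code. SHA-256, 32-byte tokens and the names `Recipient`, `Server`, `issue`, `submit` and `attribute` are assumptions made for illustration.

```python
import hashlib
import secrets


def token_hash(token: bytes) -> bytes:
    # Hash choice is an assumption; the post only says "hashes of the tokens".
    return hashlib.sha256(token).digest()


class Recipient:
    """Issues tokens and keeps the preimages so deliveries can be attributed."""

    def __init__(self):
        self.issued = {}  # unspent token -> sender it was given to

    def issue(self, sender: str, count: int):
        tokens = [secrets.token_bytes(32) for _ in range(count)]
        for t in tokens:
            self.issued[t] = sender
        # Tokens go to the sender, hashes go to the server.
        return tokens, [token_hash(t) for t in tokens]

    def attribute(self, token: bytes) -> str:
        # A valid token names the sender it was issued to; per the post, the
        # message then came from that sender or from a server that dropped the
        # sender's message and reused its token. Anything else (never issued,
        # already consumed, or a bare hash) can only have come from the server.
        return self.issued.pop(token, "server")


class Server:
    """Holds only token hashes, so it cannot produce a valid token itself."""

    def __init__(self):
        self.unspent = set()
        self.mailbox = []

    def register(self, hashes):
        self.unspent.update(hashes)

    def submit(self, token: bytes, message: bytes) -> bool:
        digest = token_hash(token)
        if digest not in self.unspent:
            return False  # unknown or already spent: mailbox stays bounded
        self.unspent.remove(digest)
        self.mailbox.append((token, message))
        return True
```

The mailbox can never hold more messages than the recipient has issued tokens, and a delivery carrying anything other than an unspent token preimage is attributable to the server.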

