[messaging] Message delivery and revocation in Pond etc
Ximin Luo
infinity0 at pwned.gg
Thu Apr 3 14:33:05 PDT 2014
On 03/04/14 21:06, Trevor Perrin wrote:
> On Thu, Apr 3, 2014 at 12:50 PM, Michael Rogers
> <michael at briarproject.org> wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>> On 03/04/14 19:02, Trevor Perrin wrote:
>>> I think you want signatures for garbage messages which fail
>>> end-to-end authentication but could be used to fill the recipient's
>>> mailbox with junk.
>>
>> I don't see how the recipient's mailbox could be filled with junk by
>> anyone except the server. Anyone else would need a token to submit a
>> message; tokens are only issued to authorised senders, and the number
>> of tokens in circulation is controlled by the recipient, so it can be
>> kept within the capacity of the mailbox.
>
> In Pond, at least, the mailbox/recipient bandwidth is kept to a low,
> roughly constant level over time, to resist traffic analysis.
>
> Thus the recipient can be temporarily DoS'd by a fairly low volume of
> messages. I'm not sure it's feasible to keep the # of outstanding
> tokens so low as to prevent this.
>
It took me a long time to finally understand what you meant by this. I'll state it explicitly for others' benefit (since you didn't mention this in the original list of requirements :p):
- Bob's server knows that {Bob will successfully identify the sender}.
This is because we don't want even *contacts* to spam our mailbox with random junk, we only want valid messages to be accepted by the server.
This is dangerous in schemes that separate authorize-sender-to-server vs authenticate-sender-to-Bob, including the one Michael suggested a few messages ago, and including the scheme I suggested in the other branch of this thread, because any of Bob's contacts can do this spamming *without being identified*.
X
--
GPG: 4096R/1318EFAC5FBBDBCE
git://github.com/infinity0/pubkeys.git
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 880 bytes
Desc: OpenPGP digital signature
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140403/c2409a10/attachment.sig>
More information about the Messaging
mailing list