[messaging] Message delivery and revocation in Pond etc

[Michael Rogers]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 03/04/14 22:33, Ximin Luo wrote:
> It took me a long time to finally understand what you meant by
> this. I'll state it explicitly for others' benefit (since you
> didn't mention this in the original list of requirements :p):
> 
> - Bob's server knows that {Bob will successfully identify the
> sender}.
> 
> This is because we don't want even *contacts* to spam our mailbox
> with random junk, we only want valid messages to be accepted by the
> server.
> 
> This is dangerous in schemes that separate
> authorize-sender-to-server vs authenticate-sender-to-Bob, including
> the one Michael suggested a few messages ago, and including the
> scheme I suggested in the other branch of this thread, because any
> of Bob's contacts can do this spamming *without being identified*.

In the scheme I suggested, the recipient would remember which contact
each token had been issued to, so each junk message would be
attributable to either the contact to which the attached token was
issued, or the server - not any other contact.

AFAICT the same's true for Trevor's single-use signature keys. But I'm
not sure whether it's true for Pond's group signatures...

Cheers,
Michael

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBCAAGBQJTPeAoAAoJEBEET9GfxSfMm4kH/0/a21Y8lzeARpEk263GLCca
5y0wXtZ514YLlfpKexo8VA+O6oFi8kjlO4qvnB1ocdwh8XCT8tmqUUjOQW1lCoWN
Kh5VPvMDsdIDb0juJvTzezWtcbtsA2NVNEg+8quwaWxWgk3S4BKp3gW3Vy0/K4Mo
VAznnZAoF+Dd88UxQID2M/2qkkD7+u62KPPK/pA1tmRifdhmHbrHhEvGMK3ibtdH
icXGTJl6mfofxUUREI1qHWY3L3aSgJD3QSPQatl0ySfsNgm6uBDQ+QNz9FzJhA2F
Dvyw4uBjCVSm9wem8vTUIB+DQ0AZIGdpb3uugviizR7EjP42fC41Ki8/eh5r0l0=
=TFJ4
-----END PGP SIGNATURE-----