[messaging] Proposal for anonymous contact discovery

Joseph Bonneau jbonneau at gmail.com
Fri Jul 25 08:39:15 PDT 2014

On Fri, Jul 25, 2014 at 9:51 AM, Tom Ritter <tom at ritter.vg> wrote:

> On 24 July 2014 16:01, Joseph Bonneau <jbonneau at gmail.com> wrote:
> > Thoughts?
> This assumes Earl and Layton have a perfect record of all emails
> between them. In practice, I remove sensitive emails from the server
> to prevent an attacker who compromises the server from retroactively
> getting all the good stuff[0]. Also in practice, my parents use POP3
> instead of IMAP[1]. Also in practice, companies have a policy of
> archiving emails after N months into long-term difficult-to-access
> storage. By hearsay, I think some people aggressively delete emails
> instead of filing them away somewhere.

I agree these are challenges. There are also many ways to add robustness
around this-for example every month Earl uploads a new key, so you only
need emails from the past month.

> But it occurs to me the SMTP message-id approach is not completely
> sunk because of the assumptions - we just need to open it up to lots
> more messages.  This problem is essentially trying to perform set
> intersection.  I have a bunch of 'secret' bitstrings I think you share
> some of, let's figure out if we do in fact share some. If we do, that
> bitstring can be used as keying material to authenticate a longer-term
> key.

I was thinking of the problem a little differently, with it explicitly
being a one-shot non-interactive protocol using a server because Earl won't
be online when Layton decides to join. This seems to be a usability
constraint in the case of people installing a new app on their phone and
wanting to immediately discover which friends are using the same service
(otherwise they may drop the app forever).

If Earl and Layton are both online (at which point they're Alice and Bob) a
protocol like this sounds promising. Maybe it's possible to do it in an
asynchronous manner?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140725/01f3f8ec/attachment.html>

More information about the Messaging mailing list