[messaging] Google End-to-End plans on using key directories with a CT-like verification protocol

yan yan at mit.edu
Thu Aug 28 15:08:40 PDT 2014


On 08/28/2014 01:24 PM, Moxie Marlinspike wrote:
> 
> On 08/28/2014 01:08 PM, Mike Hearn wrote:
>>     3) It creates a potential SPAM problem.
>>
>>
>> Just re: the spam issues in general (I used to work on the Gmail spam
>> team), most spam is filtered based on two pieces of metadata:
>>
>> 1) Origin IP reputations
>> 2) Link url domain reputations
>>
>> This gets you to perhaps 90%+ coverage immediately. There are many other
>> message features used to filter spam, but those two do the overwhelming
>> majority of the work. Comparatively little spam is filtered based on raw
>> text analysis.
> 
> Sorry I wasn't more clear. I was referring to the fact that the
> directory would be openly publishing a list of everyone's email
> addresses.  Even if you hash them, they're pretty trivially invertible.

I guess I don't understand why hashing is necessarily "trivially
invertible" here. If the threat is large precomputed rainbow tables of
potential email addresses, you could have the email provider salt the
hashes before submitting them to the log; or probably easier, have a
unique "pepper" per email provider that gets rotated on some interval [1].

In the former case, Alice has to query Bob's email provider for the salt
the first time she does a key lookup, which could be a privacy concern.
In the second case, the pepper-to-mail-provider mapping could just be
published publicly.

[1] The definition of "pepper" here:
http://blog.ircmaxell.com/2012/04/properly-salting-passwords-case-against.html

> 
> I don't know much about the state of the art of spam filtering these
> days, so it might be that this isn't a problem, but it doesn't seem great.
> 
> - moxie
> 
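The second scheme described above (a publicly published, rotating pepper per email provider), as an added example that is not part of the original post or of End-to-End. The registry contents, epoch numbering, HMAC-SHA256 construction and address normalization are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed public registry: provider domain -> {rotation epoch: pepper}.
PUBLIC_PEPPERS = {
    "example.com": {1: b"constructed-pepper-e1", 2: b"constructed-pepper-e2"},
    "example.org": {1: b"constructed-pepper-org"},
}

def normalize(address):
    """Split and lowercase an address (lowercasing the local part is an assumption)."""
    local, _, domain = address.strip().rpartition("@")
    if not local or not domain:
        raise ValueError("not an email address: %r" % address)
    return local.lower() + "@" + domain.lower(), domain.lower()

def plain_hash(address):
    """Unsalted hash: the same value no matter which provider logs it."""
    return hashlib.sha256(normalize(address)[0].encode("utf-8")).hexdigest()

def log_identifier(address, epoch):
    """Peppered identifier a provider would submit; Alice recomputes it to look Bob up."""
    addr, domain = normalize(address)
    try:
        pepper = PUBLIC_PEPPERS[domain][epoch]
    except KeyError:
        raise LookupError("no published pepper for %s, epoch %s" % (domain, epoch))
    return hmac.new(pepper, addr.encode("utf-8"), hashlib.sha256).hexdigest()

def table_hits(table, log_entries):
    """Log entries that a table prepared in advance maps back to an address."""
    return [table[e] for e in log_entries if e in table]

if __name__ == "__main__":
    # Table built ahead of time, without knowledge of any provider's pepper.
    table = {plain_hash(a): a for a in ("alice@example.org", "bob@example.com")}
    print(table_hits(table, [plain_hash("bob@example.com")]))         # matched
    print(table_hits(table, [log_identifier("bob@example.com", 1)]))  # no match
    # Rotation changes every identifier, so a table built for epoch 1 is stale in epoch 2.
    print(log_identifier("bob@example.com", 1) != log_identifier("bob@example.com", 2))
    # Caveat: the pepper is public, so it stops precomputed and cross-provider
    # tables only; guesses can still be hashed per provider and epoch.
```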