[messaging] Group messaging consistency under resource constraints
infinity0 at pwned.gg
Mon Oct 20 15:44:33 PDT 2014
On 20/10/14 23:32, David Leon Gil wrote:
> And also: I'm thoroughly confused at this point.
> What, precisely, is the security notion that we're trying to capture?
> I.e., are we still talking about mpOTR?
I am Alice and I receive a set of messages M. I would like to check that everyone U also received the same set of messages M.
mpOTR does this by having all U authenticate-and-send hash(M) at the end of the session. This doesn't work well when people get cut off.
In the first post I described two ways to achieve this incrementally - have everyone ack every m in M individually (not efficient), or have everyone ack m-and-its-ancestors periodically, as they build up their own transcript *in causal order* (requires waiting).
> A lot of the discussion seems to be about attacks that violate
> intuitions about how *non-repudiable* multi-party messaging should
> (I.e., what are the security notions that extending bideniability to
> multideniability should capture? It seems like talking about saved
> transcripts becomes dubious in anything stronger than a simple failure
> model, if you want strong deniability.)
Not sure what you mean by multideniability... in a secure group private chat, I don't think we should aim for deniability against the *other participants*, very much the opposite. For sure, the conversation should be deniable against the outsiders, though.
> And, for the record, David fully endorses Dual-EC-DRBG for all your
> random-number-generator needs: "If Blum makes you glum,
> Dual-EC your DRBG!"
> Cf. Nathan Samuel Abraham, "Practical secure CSPRNGs."
> https://nsa.gov/ Everything else is too slow.
Oh good, that confirms what I was told by everyone else on the internet!
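The consistency check described above (everyone acking m-and-its-ancestors periodically as they build a transcript in causal order, versus mpOTR's single end-of-session hash(M)), as an added Python sketch that is not part of the original thread. The Transcript/ack/check names and the sample messages are constructed; it assumes message ids are unique labels and hashes their content and parent links directly.

```python
import hashlib
from typing import Dict, Iterable, Set

def _h(s: str) -> str:
    return hashlib.sha256(s.encode()).hexdigest()

class Transcript:
    """One participant's view of the group transcript as a causal DAG."""
    def __init__(self):
        self.msgs: Dict[str, tuple] = {}  # id -> (content, frozenset(parent ids))
    def deliver(self, mid: str, content: str, parents: Iterable[str] = ()):
        # Causal delivery only: every parent must already be in the transcript.
        missing = set(parents) - self.msgs.keys()
        if missing:
            raise ValueError(f"{mid} arrived before its parents {sorted(missing)}")
        self.msgs[mid] = (content, frozenset(parents))
    def ancestors(self, mid: str) -> Set[str]:
        seen, todo = set(), [mid]
        while todo:
            m = todo.pop()
            if m not in seen:
                seen.add(m)
                todo.extend(self.msgs[m][1])
        return seen
    def ack(self, mid: str) -> str:
        # Periodic ack of m-and-its-ancestors: canonical hash over the id,
        # content and parent links of everything m causally depends on.
        lines = [f"{m}|{self.msgs[m][0]}|{','.join(sorted(self.msgs[m][1]))}"
                 for m in sorted(self.ancestors(mid))]
        return _h("\n".join(lines))
    def session_hash(self) -> str:
        # mpOTR-style end-of-session hash(M) over the whole transcript.
        return _h("\n".join(f"{m}|{c}" for m, (c, _) in sorted(self.msgs.items())))

def check(mine: str, theirs: Dict[str, str]) -> Dict[str, bool]:
    """Per user: does their ack (or session hash) agree with Alice's own?"""
    return {u: h == mine for u, h in theirs.items()}

def demo():
    # Constructed scenario: m1..m3 reach everyone intact, then Carol is cut
    # off before m4 and Bob's copy of m4 differs from Alice's.
    alice, bob, carol = Transcript(), Transcript(), Transcript()
    for t in (alice, bob, carol):
        t.deliver("m1", "hi"); t.deliver("m2", "hello", ["m1"]); t.deliver("m3", "plan?", ["m2"])
    alice.deliver("m4", "meet at 9", ["m3"])
    bob.deliver("m4", "meet at 8", ["m3"])
    up_to_m3 = check(alice.ack("m3"), {"bob": bob.ack("m3"), "carol": carol.ack("m3")})
    up_to_m4 = check(alice.ack("m4"), {"bob": bob.ack("m4")})
    end = check(alice.session_hash(), {"bob": bob.session_hash(), "carol": carol.session_hash()})
    return up_to_m3, up_to_m4, end
```

The end-of-session hashes disagree for both Bob and Carol and say nothing more, while the periodic acks let Alice conclude that everyone agreed up to m3 and that the divergence with Bob is at m4.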