[messaging] Reduce identity key exposure in Pond

Ben Harris mail at bharr.is
Mon Mar 30 23:01:43 PDT 2015

On 31 March 2015 at 13:43, Trevor Perrin <trevp at trevp.net> wrote:

> You're also adding a security property that the server's in position
> to violate.  An alternative would be for Alice to create separate Pond
> identities when she wants to communicate under different, unlinkable
> pseudonyms.  This gives her the possibility of keeping these
> identities unlinked even from the server, so it's arguably a better
> solution for this problem.

A third alternative is to drop the <id> and have the server try to validate
the MAC with all the possibilities - the server is still in the position to
violate this too.

Making it easy to create and manage Pond identities sounds like the best
way to go.