[messaging] Recognizing senders of metadata-hidden messages

Jeff Burdges burdges at gnunet.org
Tue Jul 28 13:42:27 PDT 2015

On Tue, 2015-07-28 at 20:45 +0200, Jeff Burdges wrote:
> p.s.  There is a "trivial" S0 M0 R0 Rev0 delivery scheme in which all
> connections remain "dialed" in that the mailbox number for that
> particular pair of contacts is derived from a hash of the previous
> axolotl round's rootkey, similarly to how pond derives the encryption
> key for the axolotl header.  This is delivery authentication in the
> sense that you'll never bother to check a mailbox that does not
> already belong to you.  And mailboxes move all the time.  This scheme
> does not scale.  And it does not protect the server from DoS either. 

Oops, M0 doesn't exactly apply here, as you'd frequently send a couple
messages to the same box.  Instead, it has an M-like property that
applies equally to sender and recipient, making it stronger than M0 in

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20150728/18ef3f78/attachment.sig>

More information about the Messaging mailing list