On 10/10/2013 12:54 PM, John Kelsey wrote: > Having a public bulletin board of posted emails, plus a protocol > for anonymously finding the ones your key can decrypt, seems > like a pretty decent architecture for prism-proof email. The > tricky bit of crypto is in making access to the bulletin board > both efficient and private.
Wrong on both counts, I think. If you make access private, you generate metadata because nobody can get at mail other than their own. If you make access efficient, you generate metadata because you're avoiding the "wasted" bandwidth that would otherwise prevent the generation of metadata. Encryption is sufficient privacy, and efficiency actively works against the purpose of privacy. The only bow I'd make to efficiency is to split the message stream into channels when it gets to be more than, say, 2GB per day. At that point you would need to know both what channel your recipient listens to *and* the appropriate encryption key before you could send mail. Bear _______________________________________________ The cryptography mailing list email@example.com http://www.metzdowd.com/mailman/listinfo/cryptography