On 10/10/2013 12:54 PM, John Kelsey wrote:
> Having a public bulletin board of posted emails, plus a protocol
> for anonymously finding the ones your key can decrypt, seems
> like a pretty decent architecture for prism-proof email. The
> tricky bit of crypto is in making access to the bulletin board
> both efficient and private.
Wrong on both counts, I think. If you make access private, you
generate metadata because nobody can get at mail other than their
own. If you make access efficient, you generate metadata because
you're avoiding the "wasted" bandwidth that would otherwise prevent
the generation of metadata. Encryption is sufficient privacy, and
efficiency actively works against the purpose of privacy.
The only bow I'd make to efficiency is to split the message stream
into channels when it gets to be more than, say, 2GB per day. At
that point you would need to know both what channel your recipient
listens to *and* the appropriate encryption key before you could
send mail.
Bear
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
