btw as I didn't say it explicitly, why I claim (forward-anonymous) sequence
security is important is that mixmaster remailers shuffle and reorder
messages.  If the message sequence is publicly viewable that property is
broken up-front, and if the message sequence is observable backwards in time
with disclosure of current keys, in the event of a key compromise anonymity
is lost.

Adam

On Fri, Sep 20, 2013 at 11:19:58AM +0200, Adam Back wrote:
Depending on what you're using this protocol for you maybe should try to
make it so that an attacker cannot tell that two messages are for the same
recipient, nor which message comes before another even with access to long
term keys of one or both parties after the fact.  (Forward-anonymity
property).

Otherwise it may not be safe for use via remailers (when the exit is to a
public drop box like alt.anonymous.messages).  And being able to prove who
sent which message to who after the fact is not good either, if that can be
distinguished with access to either party's long term keys (missing
forward-anonymity).

Adam
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
