-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 03/04/14 23:57, Ximin Luo wrote: >> In the scheme I suggested, the recipient would remember which >> contact each token had been issued to, so each junk message >> would be attributable to either the contact to which the attached >> token was issued, or the server - not any other contact. >> > > Yes, my wording could have been better, this is a new concept to > me. The attack might seem esoteric, but if we can do better, why > take this risk? The server being hostile is a problem you don't > want to be uncertain about, and without this property, every single > junk message raises the question "maybe the server is hostile, or > maybe not".
Ah, sorry, I misunderstood. Yes I agree that Trevor's scheme allows spam to be attributed to the server after a single message, whereas mine would require multiple messages. So Trevor's scheme is better. But my misunderstanding has raised a question: in Pond, does the recipient have some trapdoor information that the server doesn't have, allowing the recipient to tell which contact made the group signature? Cheers, Michael -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBCAAGBQJTPeqUAAoJEBEET9GfxSfMJHkH/iEhUufPjqjmWii22s8zurQQ Z0VXhBUQnWKIwup8BxHJKeMbxmTe3UQkWBwKuF9TTFl4KN26kXXDq3mZUNOvLgwu /TReXRRq5Nwvs9AVM/Dz0/wLs0wbs41AbZcY+QTANCGvepGp8+rSX4r0K365nUdt RykQq1kNDBek1lNcRk2lE2ok5Tz871LAKqYY9RFkxRyLmkiv+gAejuPaiujqBrx/ HQsORtRcWhGXMq5N7tabGWnWctiY/8gJl21S2Vco1FFA7RtUhIpSLxpQge/H7W+w m4Peo1XWm15M2lU1ZGqkd8lAy1t99qwNhliQuwsmFrzRbqAJGtMghksGD28VDDg= =UO77 -----END PGP SIGNATURE----- _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
