On Mon, Jul 7, 2014 at 11:41 PM, Brian Warner <[email protected]> wrote:
> * it sounds like you only care about authenticating the pubkeys, but
> you're actually encrypting them too. You might be able to simplify
> things: instead of xsalsa20, just use a keyed MAC (HMAC-SHA256 or bare
> poly1305 aka "crypto_onetimeauth").

The "one weird trick" of my protocol is to launder key exchanges through a "broadcast" feed containing both encrypted messages and key exchanges, both padded to the same size (presently targeting ~64kB) and published to all recipients (à la a remailer).

I'm interested in what happens when you impose this sort of artificial constraint and whether it can positively impact a protocol's simplicity. It seems to have worked out for Twitter.

--
Tony Arcieri
