On Sat, Jul 26, 2014 at 7:43 AM, Mike Hearn <[email protected]> wrote: > Pond is a great advance for secure messaging, but it suffers from the fact > that I can't send someone a cold intro if they don't already know me. For > that reason it does not solve the Snowden/Greenwald problem. > > Pond users do have email-address like things and servers could receive and > store arbitrary messages: it's only the "forward secure or nothing" policy > that forbids this.
No, Pond senders must authenticate their message with a recipient-provided secret or the recipient's mailbox will reject it. See: https://moderncrypto.org/mail-archive/messaging/2014/000409.html > Snowden may not have known Greenwald's email address > at the start, he just knew he wanted to talk to "an American guy with the > name Glenn Greenwald, who writes this particular blog" If your use case is "secure key lookup for a well-known journalist", I think that's easily solved by the reporter posting his public key, key fingerprint, and/or SecureDrop/GlobalLeaks hidden-service address on his HTTPS website, twitter, etc. Trusting national passport agencies seems wrong for this use case. Trevor _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
