On Mon, Oct 20, 2014 at 8:11 AM, Ximin Luo <[email protected]> wrote:
> On 10/10/14 23:09, Trevor Perrin wrote:
>> On Fri, Oct 10, 2014 at 1:21 PM, Ximin Luo <[email protected]> wrote:
>>> On 10/10/14 21:06, Trevor Perrin wrote:
>>>> [1] https://moderncrypto.org/mail-archive/messaging/2014/000372.html
[...]
>
> Here is another example of an attack scenario. Hopefully this demonstrates
> more obviously that the scheme proposed in [1] makes certain consistency
> attacks invisible to some of the victims:
>
> Alice: (1) So let's discuss Dual EC DRBG (last-message-seen: 0) # to everyone except David
> Alice: (1A) So let's discuss Fortuna (last-message-seen: 0) # to David only
> Bob: (2) Do you think this RNG is suitable, David? (last-message-seen: 1) # to everyone
> # David is feeling lazy today and doesn't want to wait for the warning to disappear nor to slow down the conversation.
> # Besides, nothing bad happened with the last 37 warnings. Also, Bob is a totally trustworthy friend, right?
> David: (3) Yeah it's suitable, let's go with that. (last-message-seen: 2) # to everyone
> Alice: (4) OK, sounds good. Team, you heard our advisor. Make it so! (last-message-seen: 3)
>
> Everyone else except David sees 1<-2<-3<-4 with no warnings.
David's "Yeah" should have last-messages-seen: 1A, 2. So people are warned on receiving "Yeah" that they're missing context (1A). ([1] wasn't clear that a message could reference multiple parents, but I'm pretty sure that's what was meant).

Trevor

_______________________________________________
Messaging mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/messaging
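The scenario above, replayed as an added simulation that is not part of the thread or of any real messaging implementation: each message carries the ids of the messages its sender built on (the "last-message-seen" references), recipients warn when a referenced parent is one they never received, and the same exchange is run once with David citing only (2) and once with David citing both (1A) and (2). Message ids, the `Member` and `Msg` classes and the `run_scenario` helper are all assumptions made for this model.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Msg:
    sender: str
    text: str
    parents: tuple = ()  # "last-message-seen": ids of the messages the sender built on

    @property
    def id(self) -> str:
        # The id commits to author, content and parents, so a parent reference pins
        # down exactly which message (1 vs 1A) the sender had actually seen.
        return hashlib.sha256(repr((self.sender, self.text, self.parents)).encode()).hexdigest()


class Member:
    def __init__(self, name: str):
        self.name = name
        self.seen: dict = {}      # id -> Msg this member has received or sent
        self.warnings: list = []  # (text of message, ids of parents never seen here)

    def receive(self, msg: Msg) -> None:
        missing = [p for p in msg.parents if p not in self.seen]
        if missing:
            self.warnings.append((msg.text, missing))  # "you are missing context"
        self.seen[msg.id] = msg


def deliver(msg: Msg, recipients) -> None:
    for member in recipients:
        member.receive(msg)


def run_scenario(multi_parent: bool) -> dict:
    """Replay the constructed attack; return each member's warnings after message (3)."""
    alice, bob, carol, david = (Member(n) for n in ("Alice", "Bob", "Carol", "David"))
    everyone = [alice, bob, carol, david]
    m1 = Msg("Alice", "So let's discuss Dual EC DRBG")
    m1a = Msg("Alice", "So let's discuss Fortuna")
    deliver(m1, [alice, bob, carol])   # (1): everyone except David
    deliver(m1a, [alice, david])       # (1A): David only
    m2 = Msg("Bob", "Do you think this RNG is suitable, David?", (m1.id,))
    deliver(m2, everyone)              # (2): David is warned about (1) but ignores it
    # (3): single parent cites only (2); multiple parents also cite (1A), which Bob and Carol lack
    parents = (m1a.id, m2.id) if multi_parent else (m2.id,)
    m3 = Msg("David", "Yeah it's suitable, let's go with that.", parents)
    deliver(m3, everyone)
    return {m.name: m.warnings for m in everyone}
```

With a single parent only David ever sees a warning; with both parents Bob and Carol are warned on (3) that they are missing (1A), while Alice, who authored both (1) and (1A), is not.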
