I've been thinking about this more, including re-reading BenL's post to tahoe-dev. I was inspired by hearing that Tahoe-LAFS's use case had been discussed at the recent "Directions in Authenticated Ciphers" workshop:
http://hyperelliptic.org/DIAC/ I've decided that I wasn't really on the right track to say "Authenticated Encryption is useless for Tahoe-LAFS use cases", and instead I should say "We need *public key* Authenticated Encryption instead of *symmetric key* Authenticated Encryption for Tahoe-LAFS use cases". • symmetric-key Authenticated Encryption = Message Authentication Code + cipher • "signcryption" = digital signature + public key encryption • Tahoe-LAFS mutable = digital signature + cipher • Tahoe-LAFS immutable = data identified by its secure hash + cipher Regards, Zooko _______________________________________________ tahoe-dev mailing list [email protected] https://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev
