On 03/04/14 21:06, Trevor Perrin wrote: > On Thu, Apr 3, 2014 at 12:50 PM, Michael Rogers > <[email protected]> wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA256 >> >> On 03/04/14 19:02, Trevor Perrin wrote: >>> I think you want signatures for garbage messages which fail >>> end-to-end authentication but could be used to fill the recipient's >>> mailbox with junk. >> >> I don't see how the recipient's mailbox could be filled with junk by >> anyone except the server. Anyone else would need a token to submit a >> message; tokens are only issued to authorised senders, and the number >> of tokens in circulation is controlled by the recipient, so it can be >> kept within the capacity of the mailbox. > > In Pond, at least, the mailbox/recipient bandwidth is kept to a low, > roughly constant level over time, to resist traffic analysis. > > Thus the recipient can be temporarily DoS'd by a fairly low volume of > messages. I'm not sure it's feasible to keep the # of outstanding > tokens so low as to prevent this. >
It took me a long time to finally understand what you meant by this. I'll state
it explicitly for others' benefit (since you didn't mention this in the
original list of requirements :p):
- Bob's server knows that {Bob will successfully identify the sender}.
This is because we don't want even *contacts* to spam our mailbox with random
junk, we only want valid messages to be accepted by the server.
This is dangerous in schemes that separate authorize-sender-to-server vs
authenticate-sender-to-Bob, including the one Michael suggested a few messages
ago, and including the scheme I suggested in the other branch of this thread,
because any of Bob's contacts can do this spamming *without being identified*.
X
--
GPG: 4096R/1318EFAC5FBBDBCE
git://github.com/infinity0/pubkeys.git
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
