On 17/04/15 18:37, Ben Laurie wrote: > > On 17 April 2015 at 11:54, Michael Rogers <[email protected] > <mailto:[email protected]>> wrote: > > Members should be able to send messages to the group, such that any > member of the group can verify that a message was written by the owner > of a particular signature key, but can't prove it to anyone outside the > group. > > > Isn't this a fantasy requirement? That is, if I am a member of the group > and I want to prove it to someone outside the group, don't I just have > them look over my shoulder?
It's not a fantasy requirement, it's a standard property of MACs. If Alice and Bob share a MAC key and Alice uses it to create a MAC, Bob knows that since he didn't create the MAC, Alice must have done. But Bob can't prove to Carol that it was Alice rather than Bob who created it. Cheers, Michael
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
