On Tue, 2015-07-28 at 20:45 +0200, Jeff Burdges wrote: > p.s. There is a "trivial" S0 M0 R0 Rev0 delivery scheme in which all > connections remain "dialed" in that the mailbox number for that > particular pair of contacts is derived from a hash of the previous > axolotl round's rootkey, similarly to how pond derives the encryption > key for the axolotl header. This is delivery authentication in the > sense that you'll never bother to check a mailbox that does not > already belong to you. And mailboxes move all the time. This scheme > does not scale. And it does not protect the server from DoS either.
Oops, M0 doesn't exactly apply here, as you'd frequently send a couple messages to the same box. Instead, it has an M-like property that applies equally to sender and recipient, making it stronger than M0 in practice.
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
