On 03/11/15 18:53, Jeff Burdges wrote: > There are not many systems that satisfy both M0/M1 and R0 from : > > http://www.lothar.com/blog/53-petmail-delivery/ > All that I know fit into two categories : > > > Category 1. Group signature schemes require pairing-based cryptography > > [..] > > Category 2. Limited pool of delivery tokens. >
Oh OK I see, you are actually talking about *delivery* and not *read* receipts here, about transport-level security concerns, e.g. to avoid spamming readers from unauthorized senders, but also to avoid correlation whilst doing that. Even solving all of these issues perfectly (whatever that means) can't reproduce the functionality that *acks* provide, which ignores the transport and offers a contract between authors and readers. Also I'm not sure if I understand those definitions properly. For example, what's the difference between M0 and R1, and why do you say that Pond has R0 and not R1. If Pond has R0, what does R1 even mean in that case? X -- GPG: 4096R/1318EFAC5FBBDBCE git://github.com/infinity0/pubkeys.git _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
