[Cryptography] prism-proof email in the degenerate case
Ray Dillinger
bear at sonic.net
Thu Oct 10 17:20:21 EDT 2013
On 10/10/2013 12:54 PM, John Kelsey wrote:
> Having a public bulletin board of posted emails, plus a protocol
> for anonymously finding the ones your key can decrypt, seems
> like a pretty decent architecture for prism-proof email. The
> tricky bit of crypto is in making access to the bulletin board
> both efficient and private.
Wrong on both counts, I think. If you make access private, you
generate metadata because nobody can get at mail other than their
own. If you make access efficient, you generate metadata because
you're avoiding the "wasted" bandwidth that would otherwise prevent
the generation of metadata. Encryption is sufficient privacy, and
efficiency actively works against the purpose of privacy.
The only bow I'd make to efficiency is to split the message stream
into channels when it gets to be more than, say, 2GB per day. At
that point you would need to know both what channel your recipient
listens to *and* the appropriate encryption key before you could
send mail.
Bear
More information about the cryptography
mailing list