[Cryptography] prism-proof email in the degenerate case
Ben Laurie
ben at links.org
Sun Oct 20 09:59:06 EDT 2013
On 10 October 2013 22:20, Ray Dillinger <bear at sonic.net> wrote:
> On 10/10/2013 12:54 PM, John Kelsey wrote:
>> Having a public bulletin board of posted emails, plus a protocol
>> for anonymously finding the ones your key can decrypt, seems
>> like a pretty decent architecture for prism-proof email. The
>> tricky bit of crypto is in making access to the bulletin board
>> both efficient and private.
>
> Wrong on both counts, I think. If you make access private, you
> generate metadata because nobody can get at mail other than their
> own. If you make access efficient, you generate metadata because
> you're avoiding the "wasted" bandwidth that would otherwise prevent
> the generation of metadata. Encryption is sufficient privacy, and
> efficiency actively works against the purpose of privacy.
>
> The only bow I'd make to efficiency is to split the message stream
> into channels when it gets to be more than, say, 2GB per day. At
> that point you would need to know both what channel your recipient
> listens to *and* the appropriate encryption key before you could
> send mail.
Precisely.
Didn't there used to be a newsgroup for exactly this purpose? I can't
find it now, but I distinctly remember it.
I'd guess NNTP was a better protocol than SMTP for this.
More information about the cryptography
mailing list