[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#733860: ITP: pond -- Forward secure, asynchronous messaging for the discerning.

(I am not on debian-devel, please don't forget to CC me.)

On 03/01/14 17:45, Tollef Fog Heen wrote:
> ]] Ximin Luo 
>> Package: wnpp
>> Severity: wishlist
>> Owner: Ximin Luo <infinity0@gmx.com>
>> * Package name    : pond
>>   Version         : 0:git~2014-01-01
> You might want to use a version number such as 0~20140101+git+$sha1 or
> similar.  0:git probably isn't even valid as a Debian version number,
> since : is used for epochs.

Thanks, I will do that. The previous one was just a placeholder that I guessed, I will read through the version syntax spec properly before I commit to anything.

>> So Pond is not email. Pond is forward secure, asynchronous messaging
>> for the discerning. Pond messages are asynchronous, but are not a
>> record; they expire automatically a week after they are received. Pond
>> seeks to prevent leaking traffic information against everyone except a
>> global passive attacker.
> Am I understanding it correctly that this is somewhat like sending an
> encrypted message to a key's fingerprint in a DHT with an expiration
> tacked on, or is this completely off the mark?

It's somewhat off the mark :p

The encryption keys are ephemerally generated using a ratchet to provide forward secrecy. The network structure is client-to-federated-servers rather than completely decentralised like a DHT. The servers provide availability, but are otherwise trusted with very little private information. (There is still some metadata leakage I believe.) The design also tries to protect against timing/length analyses.



Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: