
Re: Bug#733860: ITP: pond -- Forward secure, asynchronous messaging for the discerning.



(I am not on debian-devel, please don't forget to CC me.)

On 03/01/14 17:45, Tollef Fog Heen wrote:
> ]] Ximin Luo 
> 
>> Package: wnpp
>> Severity: wishlist
>> Owner: Ximin Luo <infinity0@gmx.com>
>>
>> * Package name    : pond
>>   Version         : 0:git~2014-01-01
> 
> You might want to use a version number such as 0~20140101+git+$sha1 or
> similar.  0:git probably isn't even valid as a Debian version number,
> since : is used for epochs.
> 

Thanks, I will do that. The previous one was just a placeholder that I guessed; I will read through the version syntax spec properly before I commit to anything.

>> So Pond is not email. Pond is forward secure, asynchronous messaging
>> for the discerning. Pond messages are asynchronous, but are not a
>> record; they expire automatically a week after they are received. Pond
>> seeks to prevent leaking traffic information against everyone except a
>> global passive attacker.
> 
> Am I understanding it correctly that this is somewhat like sending an
> encrypted message to a key's fingerprint in a DHT with an expiration
> tacked on, or is this completely off the mark?
> 

It's somewhat off the mark :p

The encryption keys are ephemerally generated using a ratchet to provide forward secrecy. The network structure is client-to-federated-servers rather than completely decentralised like a DHT. The servers provide availability, but are otherwise trusted with very little private information. (There is still some metadata leakage, I believe.) The design also tries to protect against timing/length analyses.

X

-- 
GPG: 4096R/1318EFAC5FBBDBCE
git://github.com/infinity0/pubkeys.git

Attachment: signature.asc
Description: OpenPGP digital signature

