Re: Addressing the tagging attacks

[Zooko <zooko@zooko.com>]

Hrm.  I was awfully proud of my proposal to address tagging attacks.  As far as 
I can see it guarantees that no possible tagging attack would reveal any 
information, and in addition it makes forward-travelling and reply messages 
indistinguishable except to the sender and recipient.

What do you guys think?

One position that you could take is that the partitioning of messages into 
forward-travelling messages and reply messages isn't a big deal and so it isn't 
worth the complication and the 2-times message expansion to use my trick.

Is that the position you are taking, George?

Even if that's the case then I don't understand why we should use all-or-nothing 
instead of using a MAC, and I don't understand why we shouldn't MAC the payload 
as well as the headers on forward-travelling messages.

Regards,

Zooko

---
                 zooko.com
Security and Distributed Systems Engineering
---