[Endymail] Concealing the email address of the subscriber.
Phillip Hallam-Baker <phill@hallambaker.com> Fri, 29 August 2014 15:22 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: endymail@ietfa.amsl.com
Delivered-To: endymail@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id B1FF21A0503
for <endymail@ietfa.amsl.com>; Fri, 29 Aug 2014 08:22:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.422
X-Spam-Level: *
X-Spam-Status: No, score=1.422 tagged_above=-999 required=5
tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, SPF_PASS=-0.001]
autolearn=no
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id SPO_gyOioZEi for <endymail@ietfa.amsl.com>;
Fri, 29 Aug 2014 08:22:03 -0700 (PDT)
Received: from mail-la0-x22e.google.com (mail-la0-x22e.google.com
[IPv6:2a00:1450:4010:c03::22e])
(using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 7DCF81A04FA
for <endymail@ietf.org>; Fri, 29 Aug 2014 08:22:03 -0700 (PDT)
Received: by mail-la0-f46.google.com with SMTP id pv20so2874852lab.5
for <endymail@ietf.org>; Fri, 29 Aug 2014 08:22:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
h=mime-version:sender:date:message-id:subject:from:to:content-type
:content-transfer-encoding;
bh=xOIl8/8txGCZu4DvARFqhEKsLfAHi1/FIB065kFPjoA=;
b=Z6RjzgEnG0exJHM8RmpRepIcUfhwTvg4I9qNzRb6IxpJjZ1gOgmRKqY82zZ+RwA9NY
4T9/uvVF8L3kcUnnMHsw52pcZjTM4Hg+KDdHHMMyf7RrdQ4ka4D6dpkeU0c6q+GICVJi
w3wWGCABuY0rtsLv+B4Kc+devEwIzo8L/F9xmMyQpmqQMnNGJAb44RSFZ0Sc2YCDVTyX
dmND9JRh3V3bcNR7vIgU8uVndnRSoB7OZwEsFdZEU+VVWT50VYqOqZuSiyQjN1K0FkZW
KdBnxRekpmD0oD2R4jx0E3E1pvfDjEb4MnfnCC77Tq4mqFcAjamtI6nU7sqkIeSni+va
4m5A==
MIME-Version: 1.0
X-Received: by 10.153.4.39 with SMTP id cb7mr11804761lad.19.1409325721794;
Fri, 29 Aug 2014 08:22:01 -0700 (PDT)
Sender: hallam@gmail.com
Received: by 10.112.122.50 with HTTP; Fri, 29 Aug 2014 08:22:01 -0700 (PDT)
Date: Fri, 29 Aug 2014 11:22:01 -0400
X-Google-Sender-Auth: m0NaE6J0LWD4StJvYk1muZAeAgg
Message-ID: <CAMm+LwiC7cp3uS3HtXQzCaVyg_E44-7xRT+u2h_LL=VEc60s+A@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: endymail <endymail@ietf.org>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Archived-At: http://mailarchive.ietf.org/arch/msg/endymail/5K_WniqSvjmLiVAtbOBrwzEVvJc
Subject: [Endymail] Concealing the email address of the subscriber.
X-BeenThere: endymail@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <endymail.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/endymail>,
<mailto:endymail-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/endymail/>
List-Post: <mailto:endymail@ietf.org>
List-Help: <mailto:endymail-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/endymail>,
<mailto:endymail-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Aug 2014 15:22:04 -0000
Problem: Allow an email sender who knows an email address to locate a record giving key information without disclosing address to an attacker. To simplify the argument we are only considering this part of the puzzle here and hypothesizing that there is a separate infrastructure whose sole purpose is matching email addresses to records. Obviously if we are using CT with this then any information that goes into this infrastructure has to be validated in CT but that can be via a hash of the data which is non-disclosing. Approach 1: Let email address be aç Locator is H( "alice@example.com" ) Service maps Locator to record. Strength: Simple Weakness: Attacker can derive the email address by brute force. Approach 2: We have two locators each of which contain only part of the email address. Locator1 is H( "lice@example.com" ) Locator2 is H( "alic@example.com" ) Each locator is presented to a service which returns a set of opaque locators V1, V2. There is a possibility of collisions here. Final locator is the XOR of V1, V2... Nah, combinatorics would be horrendous. Approach 3: Anyone got something better that does not allow the brute force attack - other than simply increasing the linear work factor for the attacker?
- [Endymail] Concealing the email address of the su… Phillip Hallam-Baker
- Re: [Endymail] Concealing the email address of th… Natanael