3.4 Malleable encryption and forgeability
In off-the-record messaging, we’d like to have even a stronger property than repudiability: forgeability. Not only do we want Bob and Eve to be unable to prove that Alice sent any given message, we want it to be very obvious that anyone at all could have modified, or even sent it.
In order to accomplish this, we do something that at first seems surprising: after Alice knows all of the messages she’s sent to Bob which were MAC’d with a given MAC key have been received (because, say, she’s received replies), Alice publishes that MAC key as part of her next message.
— Off The Record Communication (aka PGP STFU n00b)Short URL for this post: http://tmblr.co/ZYYmby68TO0q
