DimensionDev / Maskbook-Talks

Where talks of Maskbook happen.

Security: PostIV collision attack #42

Open neruthes opened 4 years ago

neruthes commented 4 years ago

Our main principle of distinguishing Maskbook Posts was to trust the high entropy of PostIV. However, it is possible that an attacker can reuse the same PostIV in another Natural Post to confuse Maskbook.

With that in mind, would it be better to find other ways to distinguish Maskbook Posts? For example, if the author is a local Persona (also include an encrypted signature in the Post payload which is only decryptable by the authoring Persona), trust the PostIV; else, use the PostLocator as the primary key when witnessing.
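The witnessing rule proposed above, next to plain PostIV keying, as an added example that is not part of the original post and not Maskbook's code. The `Post` fields, the locator strings and the HMAC tag (a stand-in for the encrypted signature, which the issue does not specify) are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class Post:
    locator: str      # PostLocator: where the post lives (constructed format)
    author: str       # profile the network reports as the publisher
    post_iv: bytes    # PostIV taken from the payload
    tag: bytes = b""  # authorship proof carried in the payload (hypothetical)


def author_tag(persona_key: bytes, post_iv: bytes) -> bytes:
    # Stand-in for the encrypted signature: only the holder of the
    # persona's local secret can compute or check this value.
    return hmac.new(persona_key, b"postiv-authorship" + post_iv,
                    hashlib.sha256).digest()


def witness_key(post: Post, local_personas: dict) -> tuple:
    # Trust the PostIV only for posts provably written by a local persona;
    # everything else is keyed by its PostLocator.
    key = local_personas.get(post.author)
    if key is not None and hmac.compare_digest(
            post.tag, author_tag(key, post.post_iv)):
        return ("iv", post.post_iv)
    return ("locator", post.locator)


def witness(index: dict, post: Post, local_personas: dict,
            by_iv_only: bool = False) -> tuple:
    k = ("iv", post.post_iv) if by_iv_only else witness_key(post, local_personas)
    index[k] = post  # a later post with the same key replaces the earlier one
    return k


def demo():
    alice_key = os.urandom(32)           # constructed local persona secret
    local = {"alice": alice_key}
    iv = os.urandom(16)
    real = Post("alice/post/1", "alice", iv, author_tag(alice_key, iv))
    # Constructed colliding post: another profile copies the IV and the tag.
    copied = Post("mallory/post/9", "mallory", iv, real.tag)
    naive, hardened = {}, {}
    for p in (real, copied):
        witness(naive, p, local, by_iv_only=True)
        witness(hardened, p, local)
    return naive, hardened, real, copied
```

With PostIV as the only key the second post silently replaces the first record; under the proposed rule both posts are kept under distinct keys.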