Re: [cryptography] OTR and deniability

The two Ian G's have it correct: while OTR provides (some level of) lack of evidence within the system, it says nothing about external evidence like netflow records, which machine the logs were taken from, etc.

To pick one bad example -- bad because I don't know if it fits the facts of this case -- if one party to a purported conversation turned over a log file, and forensic examination of the second party's computer showed the same log, I suspect that most people would believe that those two parties had that conversation. Of course, the authenticity of the log files could be challenged -- did the first party hack into the second party's computer and plant the log file? had someone else hacked into it and used it to talk with the first party? -- but that's also outside the crypto protocol.

Put another way, the goal in a trial is not a mathematical proof, it's proof to a certain standard of evidence, based on many different pieces of data. Life isn't a cryptographic protocol.

--Steve Bellovin, https://www.cs.columbia.edu/~smb

----- End forwarded message -----
--
Eugen* Leitl http://leitl.org