On 19/07/11 1:59 PM, James A. Donald wrote:

On 2011-07-19 9:48 AM, Ian G wrote:

...

OTR makes the same error. It takes a very interesting mathematical property, and extend it into the hard human world, as if the words carry the same meaning. Perhaps, once upon a time, in some TV court room drama, someone got away with lying about a document? From this, OTR suggests that mathematics can help you deny a transcript? It can't. It can certainly muddy the waters, it can certainly give you enough rope to hang yourself, but what it can't do is give some veneer of "it didn't happen." Not in court, not in the hard world of humans.

OTR gives you the same deniability as a plaintext communicated person to person. "He said ... she said"

(I suspect a confusion here. A plaintext is a document, whereas "he said, she said" is witnessed or hearsay. They have wildly different effects in court, under interrogation.)

No more, and no less.

But that is quite a lot of deniability.

Actually, I suspect not. I humbly submit to the court that a plaintext document plus the presence of OTR is somewhat less deniable than a plaintext document by itself, which are both less deniable than a non-existing document. Perhaps we could lump this under the law of unexpected consequences? Part of the problem I have semantically with OTR is that it isn't OTR. The presence of a record means it is on the record. While OTR-the-product might be attempting to decrease the tamper-resistance qualities of the document, there is manifestly a document. And such presence tends to outweigh in real life any advantage gained by tampering. If it was truly OTR, it would turn off the record. That's what it means, the tape stops rolling, the typist stops typing. Probably we can't achieve precisly that, within the context of p2p communications without TCBs. But we can come close. There are possibilities: Counterparties can contract to delete the record afterwards, exposing themselves to civil claims if this is not done. Further, it might be possible to make declarations under penalties of perjury that the record has been deleted. Or, we could IPR it, or even invoke DMCA over it, and have the OTR application do the deed under a technological protection. I'm not suggesting that this be done; just that it seems to be evident that OTR doesn't take much in the way of steps to take something "off the record." What it does achieve, IMHO, is make it easier for a court to rule against a false repudiation. This is hard to see as an advantage to the users, who might be tempted to talk as if they can later deny the conversation. E.g., wikipedia, that notably deniable authority, says: "The primary motivation behind the protocol was providing deniability for the conversation participants while keeping conversations confidential, like a private conversation in real life, or off the record in journalism sourcing." http://en.wikipedia.org/wiki/Off-the-Record_Messaging iang, the other other one _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE