Re: [cryptography] OTR and deniability
[I'm not usually on this list, but was pointed to this thread. Warning that we now have two "iang"s on here. ;-) ]

This is a common confusion about OTR. OTR aims to provide the same deniability as plaintext, while also providing the same authentication as, say, PGP. You want assurance that the other person is who he says he is, but at the same time, you don't want digital signatures on all of your messages which can be used by a third party (or even the person you were speaking to) later to prove what you said. You can't achieve *more* deniability than plaintext, of course.

Just as plaintext chat logs might be trusted because you believe the chain-of-custody, so might OTR logs be. (If the OTR logs are the ciphertexts, of course, you'd also need to log the keys to get anything useful out, but even then, the point is that you could have used the toolkit to modify individual messages, or even forge the whole transcript.)

In this case, of course, the plaintexts were logged, so OTR's properties don't even come into it. Here, anyone could simply edit the text file containing the logs.

   - Ian (the other "iang")
participants (1): Ian Goldberg
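The point in the message above about modifying individual messages in a logged ciphertext can be shown with a simplified model. This is an added example, not part of the original post and not OTR's code or wire format: it assumes a stream-cipher encryption plus a shared-key HMAC (OTR uses AES in counter mode and an HMAC whose keys are published after use), with a SHA-256 keystream standing in for AES-CTR. All keys, messages and function names are constructed for illustration.

```python
import hashlib
import hmac


def keystream(key: bytes, n: int) -> bytes:
    """Counter-mode keystream built from SHA-256 (assumed stand-in for AES-CTR)."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def mac(mac_key: bytes, ciphertext: bytes) -> bytes:
    return hmac.new(mac_key, ciphertext, hashlib.sha256).digest()


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes):
    """Encrypt-then-MAC with symmetric keys both parties hold: no signature."""
    ct = xor(plaintext, keystream(enc_key, len(plaintext)))
    return ct, mac(mac_key, ct)


def verify(mac_key: bytes, ct: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac(mac_key, ct), tag)


def rewrite(mac_key: bytes, ct: bytes, old_plain: bytes, new_plain: bytes):
    """Alter a logged message using only the MAC key and the old plaintext.

    XORing the ciphertext with (old ^ new) flips exactly the bits needed,
    so the encryption key is never required; the MAC is then recomputed.
    """
    if not len(ct) == len(old_plain) == len(new_plain):
        raise ValueError("lengths must match for a bit-flip rewrite")
    new_ct = xor(ct, xor(old_plain, new_plain))
    return new_ct, mac(mac_key, new_ct)


def demo():
    enc_key, mac_key = b"E" * 16, b"M" * 32      # constructed sample keys
    original = b"meet at noon"                   # constructed sample message
    ct, tag = seal(enc_key, mac_key, original)
    new_ct, new_tag = rewrite(mac_key, ct, original, b"meet at nine")
    decrypted = xor(new_ct, keystream(enc_key, len(new_ct)))
    return verify(mac_key, ct, tag), verify(mac_key, new_ct, new_tag), decrypted
```

Both the original and the rewritten message verify under the same MAC key, so a log of ciphertexts and tags shows a third party nothing about who wrote which message.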