[cryptography] OTR and deniability

Steven Bellovin smb at cs.columbia.edu
Thu Jul 14 11:59:29 PDT 2011

The two Ian G's have it correct: while OTR provides (some level of) lack of evidence within the system, it says nothing about external evidence like netflow records, which machine the logs were taken from, etc.  To pick one bad example -- bad because I don't know if it fits the facts of this case -- if one party to a purported conversation turned over a log file, and forensic examination of the second party's computer showed the same log, I suspect that most people would believe that those two parties had that conversation.  Of course, the authenticity of the log files could be challenged -- did the first party hack into the second party's computer and plant the log file?  had someone else hacked into it and used it to talk with the first party? -- but that's also outside the crypto protocol.

Put another way, the goal in a trial is not a mathematical proof, it's proof to a certain standard of evidence, based on many different pieces of data.  Life isn't a cryptographic protocol.

		--Steve Bellovin, https://www.cs.columbia.edu/~smb

cryptography mailing list
cryptography at randombit.net

----- End forwarded message -----
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

More information about the cypherpunks-legacy mailing list