<div dir="ltr"><br><div class="gmail_extra"><div class="gmail_quote">On Tue, Jul 2, 2013 at 7:39 AM, Kurt Roeckx <span dir="ltr"><<a href="mailto:kurt@roeckx.be" target="_blank">kurt@roeckx.be</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div class="im">On Tue, Jul 02, 2013 at 10:12:10AM -0400, Greg Troxel wrote:<br>
><br>
> Not true - OTR's signing key to authenticate a session is similar to<br>
> OpenPGP. The difference is that session keys are authenticated, not<br>
> messsage content, and repudiability (word?) is achieved by using<br>
> symmetric MACs and disclosiing them.<br>
<br>
</div>I guess I need to go and look up how OTR really works.<br>
<span class=""><font color="#888888"><br></font></span></blockquote><div><br></div><div style>I want to discuss this more explicitly, because it is a fundamental feature of OTR and it also is in line with my usability intuitions. Also, I may not understand the subtleties correctly, so I want people to clarify any mistakes. If you are on this list, you should understand this fundamental aspect of OTR and furthermore, you should consider how that interacts with assumptions "the typical user" might make.</div>
<div style><br></div><div style><br></div><div style>Caveat emptor: I'm new to the OTR protocol, so please verify every statement I make and do not take my word for it. Here goes:</div><div style><br></div><div style>
<br></div><div style>OTR is designed so that if one of the two parties records all network traffic, then shows that recording to a third party, they cannot prove the other party participated or authored any of the messages. The best they can do is to show someone who knows a shared session secret authored the messages. However, that includes the accuser themselves!</div>
<div style><br></div><div style>Furthermore, after a conversation session ends, that secret can be made public, so that after that point, it's conceivable that anyone with any recording of the session could have modified their transcript at their whim.</div>
<div style><br></div><div style>Someone who knows Alice's public key can produce a transcript ex nihilo that claims Alice participated in a conversation and said X, Y, and Z, all without Alice's participation in any way. Therefore, transcripts from OTR sessions are not useful for proving what conversations someone has participated in, nor what they have said.</div>
<div style><br></div><div style>Perhaps non-intuitively a participant of a conversation can prove *to themselves* that Alice is indeed participating in a conversation and is indeed saying X, Y, and Z. This is the key value of OTR.</div>
<div style><br></div><div style><br></div><div style>Could anyone verify all of those statements are correct? I've only skimmed the first part of [1] but I'm familiar with the goals and technique by reading about mpOTR.</div>
<div style><br></div><div style><br></div><div style>The philosophy of OTR's protocol design is that these properties *matches user intuitions*.</div><div style><br></div><div style>So by the same philosophy, the UI should reinforce that as much as possible. If there are PKI features, we should ask "do those match user intuitions?" For example, if there's a revocation protocol, what will user intuitions be about revocation? Also, how do we design a UI (across many different clients) that promotes "the right kind" of intuitions?</div>
<div style><br></div><div style>regards,</div><div style>callme whatiwant</div><div style><br></div><div style>[1] <a href="http://www.cypherpunks.ca/otr/otr-wpes.pdf">http://www.cypherpunks.ca/otr/otr-wpes.pdf</a></div>
<div style>
<br></div><div style><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><span class=""><font color="#888888">
<br>
Kurt<br>
</font></span><div class=""><div class="h5"><br>
_______________________________________________<br>
OTR-dev mailing list<br>
<a href="mailto:OTR-dev@lists.cypherpunks.ca">OTR-dev@lists.cypherpunks.ca</a><br>
<a href="http://lists.cypherpunks.ca/mailman/listinfo/otr-dev" target="_blank">http://lists.cypherpunks.ca/mailman/listinfo/otr-dev</a><br>
</div></div></blockquote></div><br></div></div>