From regardful at googlemail.com Tue Sep 2 20:10:40 2008 From: regardful at googlemail.com (Hajo E.) Date: Wed, 3 Sep 2008 02:10:40 +0200 Subject: [OTR-users] Support for Telepathy/Empathy Message-ID: Hello, I would like to ask if there are any plans or thoughts of implementing OTR into Telepathy [1]. A ticket [2] in the freedesktop bugzilla about this alreday exists. I like the way OTR is implemented into Adium. It is very unobtrusive, the fingerprint management is better (easier, in concrete terms) and one does not see anything about this but a little lock. It is not that good in Pidgin and sometimes it happens that messages are send encrypted after the contact has gone offline. The next time he is online he only sees a bunch of "you can't read this." messages. Regards, Hajo E. [1] http://telepathy.freedesktop.org [2] http://bugs.freedesktop.org/show_bug.cgi?id=16891 -------------- next part -------------- An HTML attachment was scrubbed... URL: From ian at cypherpunks.ca Wed Sep 3 10:13:49 2008 From: ian at cypherpunks.ca (Ian Goldberg) Date: Wed, 3 Sep 2008 10:13:49 -0400 Subject: [OTR-users] Support for Telepathy/Empathy In-Reply-To: References: Message-ID: <20080903141349.GJ28608@thunk.cs.uwaterloo.ca> On Wed, Sep 03, 2008 at 02:10:40AM +0200, Hajo E. wrote: > Hello, > I would like to ask if there are any plans or thoughts of implementing OTR > into Telepathy [1]. A ticket [2] in the freedesktop bugzilla about this > alreday exists. We (the core OTR dev team) work on the library, and we can give assistance to people using the library to add OTR support to their IM applications. But we don't have the resources to do the application support ourselves, unfortunately. Someone from the Telepathy team would need to take the lead on this. - Ian From dkg at fifthhorseman.net Thu Sep 18 13:50:44 2008 From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Thu, 18 Sep 2008 13:50:44 -0400 Subject: [OTR-users] multi-party OTR communications? (and other OTR details) Message-ID: <87bpylxs0b.fsf@squeak.fifthhorseman.net> Hey OTR folks-- I'm still wrapping my head around the ideas of OTR, and i just wanted to float a question or two to people who understand the crypto better than myself. My understanding is that OTR is designed such that it can only be used in two-party communication (private message), and that it cannot be used in multi-party comunication (e.g. an IRC channel, or an XMPP conference room). I believe this is because the reason you can get authenticated communications in OTR is that only the two parties involved know the session key involved. And if a message arrives that is properly wrapped in the session key, you know that it was written by your conversation partner simply because you personally did not write it. This clearly doesn't scale to the n > 2 case (if you all share a session key, how do you know which of the other parties wrote a given message?), but is also why OTR has the deniability feature: if the other party decides to share your conversation with a third party (and they had somehow cached and stored the session info), you can simply point out that they knew the session key as well as you did, and they could have authored any of the messages themselves. But you cannot deny that you *had* a conversation, assuming the other party cached all the traffic and their ephemeral session key, because the key verification step is unimpeachable if the DH keys for the session are known. Is my understanding of these points correct? Am i using terms in ways they shouldn't be used? Am i confused and don't know it? Any insights would be appreciated. I'd like to make sure i understand what assurances are actually being offered by this protocol, because i'd like to be able to advocate for its use in the appropriate situations. Regards, --dkg PS for the list admin: when i tried to subscribe to this list by replying to the confirmation e-mail, i got the following bounce. I managed to confirm via the web UI, but you might want to look into this: ----- The following addresses had permanent fatal errors ----- "|/var/lib/mailman/mail/wrapper mailcmd otr-users" (reason: 6) (expanded from: ) ----- Transcript of session follows ----- Illegal command: mailcmd 554 5.3.0 unknown mailer error 6 Reporting-MTA: dns; paip.net Received-From-MTA: DNS; relay03.pair.com Arrival-Date: Thu, 18 Sep 2008 11:11:24 -0400 Final-Recipient: RFC822; otr-users-request at lists.cypherpunks.ca X-Actual-Recipient: X-Unix; |/var/lib/mailman/mail/wrapper mailcmd otr-users Action: failed Status: 5.0.0 Diagnostic-Code: X-Unix; 6 Last-Attempt-Date: Thu, 18 Sep 2008 11:11:24 -0400 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 826 bytes Desc: not available URL: From ian at cypherpunks.ca Mon Sep 22 09:29:32 2008 From: ian at cypherpunks.ca (Ian Goldberg) Date: Mon, 22 Sep 2008 09:29:32 -0400 Subject: [OTR-users] multi-party OTR communications? (and other OTR details) In-Reply-To: <87bpylxs0b.fsf@squeak.fifthhorseman.net> References: <87bpylxs0b.fsf@squeak.fifthhorseman.net> Message-ID: <20080922132932.GF12033@thunk.cs.uwaterloo.ca> On Thu, Sep 18, 2008 at 01:50:44PM -0400, Daniel Kahn Gillmor wrote: > Hey OTR folks-- > > I'm still wrapping my head around the ideas of OTR, and i just wanted > to float a question or two to people who understand the crypto better > than myself. > > My understanding is that OTR is designed such that it can only be used > in two-party communication (private message), and that it cannot be > used in multi-party comunication (e.g. an IRC channel, or an XMPP > conference room). > > I believe this is because the reason you can get authenticated > communications in OTR is that only the two parties involved know the > session key involved. And if a message arrives that is properly > wrapped in the session key, you know that it was written by your > conversation partner simply because you personally did not write it. > > This clearly doesn't scale to the n > 2 case (if you all share a > session key, how do you know which of the other parties wrote a given > message?), but is also why OTR has the deniability feature: if the > other party decides to share your conversation with a third party (and > they had somehow cached and stored the session info), you can simply > point out that they knew the session key as well as you did, and they > could have authored any of the messages themselves. The above is all exactly right. That said, there are a couple of people working on just what a group version of OTR should look like, and what its properties should be. > But you cannot deny that you *had* a conversation, assuming the other > party cached all the traffic and their ephemeral session key, because > the key verification step is unimpeachable if the DH keys for the > session are known. Indeed, with the current version of OTR, if Bob keeps a copy of his secrets, he can prove that someone he's in cahoots with at some point in the past started an OTR session with Alice's client. (Because Alice signs a MAC over Bob's ephemeral DH key.) But anyone can start an OTR conversation with anyone else (quite intentionally). On the drawing board is a variation that will remove even this. > Is my understanding of these points correct? Am i using terms in ways > they shouldn't be used? Am i confused and don't know it? Any > insights would be appreciated. I'd like to make sure i understand > what assurances are actually being offered by this protocol, because > i'd like to be able to advocate for its use in the appropriate > situations. Looks reasonable to me. > Regards, > > --dkg > > PS for the list admin: when i tried to subscribe to this list by > replying to the confirmation e-mail, i got the following bounce. I > managed to confirm via the web UI, but you might want to look into > this: Fixed, thanks. - Ian From dkg at fifthhorseman.net Mon Sep 22 11:06:54 2008 From: dkg at fifthhorseman.net (Daniel Kahn Gillmor) Date: Mon, 22 Sep 2008 11:06:54 -0400 Subject: [OTR-users] multi-party OTR communications? (and other OTR details) In-Reply-To: <20080922132932.GF12033@thunk.cs.uwaterloo.ca> (Ian Goldberg's message of "Mon\, 22 Sep 2008 09\:29\:32 -0400") References: <87bpylxs0b.fsf@squeak.fifthhorseman.net> <20080922132932.GF12033@thunk.cs.uwaterloo.ca> Message-ID: <87myi0te29.fsf@squeak.fifthhorseman.net> Thanks for the reply, Ian! On Mon 2008-09-22 09:29:32 -0400, Ian Goldberg wrote: > there are a couple of people working on just what a group version of > OTR should look like, and what its properties should be. Where is this discussion taking place? I'd be interested in participating, though i don't have a ton of time to do so. > Indeed, with the current version of OTR, if Bob keeps a copy of his > secrets, he can prove that someone he's in cahoots with at some > point in the past started an OTR session with Alice's client. > (Because Alice signs a MAC over Bob's ephemeral DH key.) But anyone > can start an OTR conversation with anyone else (quite > intentionally). On the drawing board is a variation that will > remove even this. This is very interesting. Can you give a summary of how something like this might be possible without removing the ability to be sure that your conversation partner is who they claim to be? While the deniability features are pretty cool from a crypto perspective, it doesn't seem to me like they offer any *more* deniability than the deniability you have with unencrypted/unsigned material (e.g. the contents of a web server logs, or a traffic dump From a router). Given that unencrypted/unsigned digital material is regularly respected as powerful evidence in legal disputes, contract negotiations, and journalism already, i'm not sure how much practical gain OTR users really get from the deniability property (though if the legal or journalistic climate *does* change, it would certainly be advantageous). I guess what i'm saying is that the deniability feature of OTR is not as high a priority for me as the other features (such as IM-layer protocol independence, remote-party authentication (including SMP), and a clear, simple UI). Regards, --dkg -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 826 bytes Desc: not available URL: From ian at cypherpunks.ca Mon Sep 22 11:28:29 2008 From: ian at cypherpunks.ca (Ian Goldberg) Date: Mon, 22 Sep 2008 11:28:29 -0400 Subject: [OTR-users] multi-party OTR communications? (and other OTR details) In-Reply-To: <87myi0te29.fsf@squeak.fifthhorseman.net> References: <87bpylxs0b.fsf@squeak.fifthhorseman.net> <20080922132932.GF12033@thunk.cs.uwaterloo.ca> <87myi0te29.fsf@squeak.fifthhorseman.net> Message-ID: <20080922152829.GL12033@thunk.cs.uwaterloo.ca> On Mon, Sep 22, 2008 at 11:06:54AM -0400, Daniel Kahn Gillmor wrote: > Thanks for the reply, Ian! > > On Mon 2008-09-22 09:29:32 -0400, Ian Goldberg wrote: > > > there are a couple of people working on just what a group version of > > OTR should look like, and what its properties should be. > > Where is this discussion taking place? I'd be interested in > participating, though i don't have a ton of time to do so. A couple of people are conversing by email, as far as I know. > > Indeed, with the current version of OTR, if Bob keeps a copy of his > > secrets, he can prove that someone he's in cahoots with at some > > point in the past started an OTR session with Alice's client. > > (Because Alice signs a MAC over Bob's ephemeral DH key.) But anyone > > can start an OTR conversation with anyone else (quite > > intentionally). On the drawing board is a variation that will > > remove even this. > > This is very interesting. Can you give a summary of how something > like this might be possible without removing the ability to be sure > that your conversation partner is who they claim to be? You just sign something fresh, but not necessarily the DH public parts. Both parties can contribute a nonce, for example, and you can sign that. You also keep the MAC on your identity, and you've still got SIGMA. > While the deniability features are pretty cool from a crypto > perspective, it doesn't seem to me like they offer any *more* > deniability than the deniability you have with unencrypted/unsigned > material (e.g. the contents of a web server logs, or a traffic dump > From a router). Given that unencrypted/unsigned digital material is > regularly respected as powerful evidence in legal disputes, contract > negotiations, and journalism already, i'm not sure how much practical > gain OTR users really get from the deniability property (though if the > legal or journalistic climate *does* change, it would certainly be > advantageous). You've got it exactly right; I say almost those exact words in my OTR talks. [You can see a couple of videos of those online.] OTR offers the same level deniability as plaintext. But it also offers strong authentication *during* the conversation. If you used pidgin-encryption, for example, every message is digitally signed, which would certainly give you *less* deniability than plaintext. > I guess what i'm saying is that the deniability feature of OTR is not > as high a priority for me as the other features (such as IM-layer > protocol independence, remote-party authentication (including SMP), > and a clear, simple UI). You are in the majority. ;-) - Ian From gmaxwell at gmail.com Mon Sep 22 11:42:04 2008 From: gmaxwell at gmail.com (Gregory Maxwell) Date: Mon, 22 Sep 2008 11:42:04 -0400 Subject: [OTR-users] multi-party OTR communications? (and other OTR details) In-Reply-To: <87myi0te29.fsf@squeak.fifthhorseman.net> References: <87bpylxs0b.fsf@squeak.fifthhorseman.net> <20080922132932.GF12033@thunk.cs.uwaterloo.ca> <87myi0te29.fsf@squeak.fifthhorseman.net> Message-ID: On Mon, Sep 22, 2008 at 11:06 AM, Daniel Kahn Gillmor wrote: >> Indeed, with the current version of OTR, if Bob keeps a copy of his >> secrets, he can prove that someone he's in cahoots with at some >> point in the past started an OTR session with Alice's client. >> (Because Alice signs a MAC over Bob's ephemeral DH key.) But anyone >> can start an OTR conversation with anyone else (quite >> intentionally). On the drawing board is a variation that will >> remove even this. > > This is very interesting. Can you give a summary of how something > like this might be possible without removing the ability to be sure > that your conversation partner is who they claim to be? I can't speak for whatever Ian is doing, but if you look a few weeks back in the development archive you'll see a proposed exchange of mine for another project I'm working on. After I was corrected with respect the identity rebinding attack, I proposed an exchange which achieved that property. (Basically by not including any private data in the commitment): Anyone who knew (from passive observation, for example) the public keys of two parties could create a forged transcript between them. > While the deniability features are pretty cool from a crypto > perspective, it doesn't seem to me like they offer any *more* > deniability than the deniability you have with unencrypted/unsigned > material (e.g. the contents of a web server logs, or a traffic dump > From a router). The biggest concern is to not to do better than unencrypted/unsigned but not to do worse. The possibility of providing more really depends on the level of imagination and technical sophistication of the audience that you're trying to convince. An unencrypted log shouldn't be considered good evidence since anyone who touched it could have untraceably, and even accidentally, altered it. But such things are often considered to be proof, and to someone who does no OTR system would likely be considered less proof. But at least it can be made no moreso. [snip] >Given that unencrypted/unsigned digital material is > regularly respected as powerful evidence in legal disputes, contract > negotiations, and journalism already [snip] At least today even laymen can easily understand that one party or another could have simply edited the log. The accuracy of evidence is understood to ultimately depend on many factors. You can't get some crypto-expert to come in and say that the log is irrefutable proof. But with a signed encrypted message system the number of possible explanations is substantially reduced (someone had to steal your private key and passphrase). [snip] > I guess what i'm saying is that the deniability feature of OTR is not > as high a priority for me as the other features (such as IM-layer > protocol independence, remote-party authentication (including SMP), > and a clear, simple UI). As developers we owe it to our users make a best effort to avoid creating new vulnerabilities for them which they may not understand but which may still bite them. Turning on encryption should never make you *more* vulnerable, but without denyability it very well may. Educating users about the risks of non-deniable encryption so that they could make good choices would be really hard, it's better to just fix the problem. (Sometimes users do want non-repudiation, but they *know* when they want it. They usually do not know when they want deniable encryption). Achieving denyability is, for the most part, a one time R&D cost. Sure, there are computation and message exchange costs too... but they are infinitesimal. Because of this it should be a default behavior wherever it can be reasonably provided. From bdm at fenrir.org.uk Mon Sep 22 11:58:17 2008 From: bdm at fenrir.org.uk (Brian Morrison) Date: Mon, 22 Sep 2008 16:58:17 +0100 Subject: [OTR-users] multi-party OTR communications? (and other OTR details) In-Reply-To: <20080922152829.GL12033@thunk.cs.uwaterloo.ca> References: <87bpylxs0b.fsf@squeak.fifthhorseman.net> <20080922132932.GF12033@thunk.cs.uwaterloo.ca> <87myi0te29.fsf@squeak.fifthhorseman.net> <20080922152829.GL12033@thunk.cs.uwaterloo.ca> Message-ID: <48D7C099.503@fenrir.org.uk> Ian Goldberg wrote: > OTR offers the same level deniability as plaintext. But it also offers > strong authentication *during* the conversation. If you used > pidgin-encryption, for example, every message is digitally signed, which > would certainly give you *less* deniability than plaintext. I would say it has much higher deniability than plaintext, in the sense of "You said " whereas you can say "I said something, but you do not know what it was". The really important aspect is the ephemeral keys, so you can never recover the plaintext if neither party keeps logs. In the UK, with legally enforceable GAP (or GAK under duress as usually computers are seized) this is important as you can truthfully claim that you do not have, and never had, access to the session key. So intercepts don't work. > >> I guess what i'm saying is that the deniability feature of OTR is not >> as high a priority for me as the other features (such as IM-layer >> protocol independence, remote-party authentication (including SMP), >> and a clear, simple UI). > > You are in the majority. ;-) All these things are good, but being able to legally frustrate intrusive surveillance is also good. A small step to removing the mobile prison the idiot politicians seem determined to put us all in. -- Brian From ian at cypherpunks.ca Mon Sep 22 12:09:20 2008 From: ian at cypherpunks.ca (Ian Goldberg) Date: Mon, 22 Sep 2008 12:09:20 -0400 Subject: [OTR-users] multi-party OTR communications? (and other OTR details) In-Reply-To: <48D7C099.503@fenrir.org.uk> References: <87bpylxs0b.fsf@squeak.fifthhorseman.net> <20080922132932.GF12033@thunk.cs.uwaterloo.ca> <87myi0te29.fsf@squeak.fifthhorseman.net> <20080922152829.GL12033@thunk.cs.uwaterloo.ca> <48D7C099.503@fenrir.org.uk> Message-ID: <20080922160920.GM12033@thunk.cs.uwaterloo.ca> On Mon, Sep 22, 2008 at 04:58:17PM +0100, Brian Morrison wrote: > Ian Goldberg wrote: > > > OTR offers the same level deniability as plaintext. But it also offers > > strong authentication *during* the conversation. If you used > > pidgin-encryption, for example, every message is digitally signed, which > > would certainly give you *less* deniability than plaintext. > > I would say it has much higher deniability than plaintext, in the sense > of "You said " whereas you can say "I said something, but you do > not know what it was". The really important aspect is the ephemeral > keys, so you can never recover the plaintext if neither party keeps > logs. In the UK, with legally enforceable GAP (or GAK under duress as > usually computers are seized) this is important as you can truthfully > claim that you do not have, and never had, access to the session key. So > intercepts don't work. That's true. Though I usually stick that under OTR's "confidentiality" umbrella, not "deniability". Under "deniability", we include protections against situations where the person you're talking to is himself working against you. - Ian From bdm at fenrir.org.uk Mon Sep 22 12:19:26 2008 From: bdm at fenrir.org.uk (Brian Morrison) Date: Mon, 22 Sep 2008 17:19:26 +0100 Subject: [OTR-users] multi-party OTR communications? (and other OTR details) In-Reply-To: <20080922160920.GM12033@thunk.cs.uwaterloo.ca> References: <87bpylxs0b.fsf@squeak.fifthhorseman.net> <20080922132932.GF12033@thunk.cs.uwaterloo.ca> <87myi0te29.fsf@squeak.fifthhorseman.net> <20080922152829.GL12033@thunk.cs.uwaterloo.ca> <48D7C099.503@fenrir.org.uk> <20080922160920.GM12033@thunk.cs.uwaterloo.ca> Message-ID: <48D7C58E.3000508@fenrir.org.uk> Ian Goldberg wrote: > On Mon, Sep 22, 2008 at 04:58:17PM +0100, Brian Morrison wrote: >> Ian Goldberg wrote: >> >>> OTR offers the same level deniability as plaintext. But it also offers >>> strong authentication *during* the conversation. If you used >>> pidgin-encryption, for example, every message is digitally signed, which >>> would certainly give you *less* deniability than plaintext. >> I would say it has much higher deniability than plaintext, in the sense >> of "You said " whereas you can say "I said something, but you do >> not know what it was". The really important aspect is the ephemeral >> keys, so you can never recover the plaintext if neither party keeps >> logs. In the UK, with legally enforceable GAP (or GAK under duress as >> usually computers are seized) this is important as you can truthfully >> claim that you do not have, and never had, access to the session key. So >> intercepts don't work. > > That's true. Though I usually stick that under OTR's "confidentiality" > umbrella, not "deniability". Under "deniability", we include > protections against situations where the person you're talking to is > himself working against you. Yes, although that really is the ultimate human problem, you need to be sure of your co-conspirators.... -- Brian From smoothambiguity at aol.com Mon Sep 22 12:26:04 2008 From: smoothambiguity at aol.com (smoothambiguity at aol.com) Date: Mon, 22 Sep 2008 12:26:04 -0400 Subject: [OTR-users] multi-party OTR communications? (and other OTR details) In-Reply-To: <48D7C58E.3000508@fenrir.org.uk> References: <87bpylxs0b.fsf@squeak.fifthhorseman.net> <20080922132932.GF12033@thunk.cs.uwaterloo.ca> <87myi0te29.fsf@squeak.fifthhorseman.net> <20080922152829.GL12033@thunk.cs.uwaterloo.ca> <48D7C099.503@fenrir.org.uk><20080922160920.GM12033@thunk.cs.uwaterloo.ca> <48D7C58E.3000508@fenrir.org.uk> Message-ID: <8CAEAE70B4D2D5C-DF0-1ACB@WEBMAIL-MA01.sysops.aol.com> Umm, if I'm not mistaken, the spooky world of deniable encryption was supposed to bridge the gap for those of us who don't trust anyone.? Turning out to be harder than it seemed? ------------------------------------------------------------------------------- This E-mail and any of its attachments may contain SmoothAmbiguity proprietary information, which is privileged, confidential, or subject to copyright belonging to SmoothAmbiguity. This E-mail is intended solely for the use of the individual or entity to which it is addressed by SmoothAmbiguity. If you are not the intended recipient of this E-mail, you are hereby notified that any dissemination, distribution, copying, or action taken in relation to the contents of and attachments to this E-mail is strictly prohibited by SmoothAmbiguity and may be unlawful. If you have received this E-mail in error, please notify SmoothAmbiguity immediately and permanently delete the original and any copy of this E-mail and any printout. This message will self-destruct in your brain. This conversation never happened. Remember: loose lips sink tight ships. See also: SmoothAmbiguity. -----Original Message----- From: Brian Morrison To: otr-users at lists.cypherpunks.ca Sent: Mon, 22 Sep 2008 12:19 pm Subject: Re: [OTR-users] multi-party OTR communications? (and other OTR details) Ian Goldberg wrote: > On Mon, Sep 22, 2008 at 04:58:17PM +0100, Brian Morrison wrote: >> Ian Goldberg wrote: >> >>> OTR offers the same level deniability as plaintext. But it also offers >>> strong authentication *during* the conversation. If you used >>> pidgin-encryption, for example, every message is digitally signed, which >>> would certainly give you *less* deniability than plaintext. >> I would say it has much higher deniability than plaintext, in the sense >> of "You said " whereas you can say "I said something, but you do >> not know what it was". The really important aspect is the ephemeral >> keys, so you can never recover the plaintext if neither party keeps >> logs. In the UK, with legally enforceable GAP (or GAK under duress as >> usually computers are seized) this is important as you can truthfully >> claim that you do not have, and never had, access to the session key. So >> intercepts don't work. > > That's true. Though I usually stick that under OTR's "confidentiality" > umbrella, not "deniability". Under "deniability", we include > protections against situations where the person you're talking to is > himself working against you. Yes, although that really is the ultimate human problem, you need to be sure of your co-conspirators.... -- Brian _______________________________________________ OTR-users mailing list OTR-users at lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-users -------------- next part -------------- An HTML attachment was scrubbed... URL: From smoothambiguity at aol.com Mon Sep 22 13:10:53 2008 From: smoothambiguity at aol.com (smoothambiguity at aol.com) Date: Mon, 22 Sep 2008 13:10:53 -0400 Subject: [OTR-users] multi-party OTR communications? (and other OTR details) In-Reply-To: <48D7C894.5030302@fenrir.org.uk> References: <87bpylxs0b.fsf@squeak.fifthhorseman.net> <20080922132932.GF12033@thunk.cs.uwaterloo.ca> <87myi0te29.fsf@squeak.fifthhorseman.net> <20080922152829.GL12033@thunk.cs.uwaterloo.ca> <48D7C099.503@fenrir.org.uk><20080922160920.GM12033@thunk.cs.uwaterloo.ca> <48D7C58E.3000508@fenrir.org.uk> <8CAEAE70B4D2D5C-DF0-1ACB@WEBMAIL-MA01.sysops.aol.com> <48D7C894.5030302@fenrir.org.uk> Message-ID: <8CAEAED4DE381F6-DF0-1F21@WEBMAIL-MA01.sysops.aol.com> Yeah, I guess the real problem lies in how our respective legal systems define what is evidence and/or proof for an intentioned communication.? I recall hearing some lawyers bitching, when I was in college, about a new phenomenon called 'The C.S.I. Effect' (named after the popular television series) where juries where letting more people off because evidence in the case was expected to be more undeniable than is typical in their professional experience.? I was of course seriously put-off by the attitudes of the lawyers, but then it was a wake up call to me.? The prosecutors exist to bust your balls (not necessarily to uphold the concepts of undeniably proven guilt), and whatever more easily pumps their portfolio of statistics with less prosecutorial rigmarole, better still.? Before I digress too far on a rant about what it means to be 'innocent until proven guilty' and how it easily fails us in U.S. court systems, I'd just like to state for the record I hope to see the brilliant minds behind this OTR project hammer out a system either functionally deniable or impossibly secure, though the latter being impossible it tends to lend toward some extra amount of hope in the former.? (I've enough sense not to dream of the unconditional). p.s.- for the record, I feel for you cats in the UK who are being ordered to cough up passwords and keys in a court of law.? Thankfully over here, we're not expected to incriminate ourselves though I'm certain at least a few mustache wearing gumshoes crave to see the day we might. ------------------------------------------------------------------------------- This E-mail and any of its attachments may contain SmoothAmbiguity proprietary information, which is privileged, confidential, or subject to copyright belonging to SmoothAmbiguity. This E-mail is intended solely for the use of the individual or entity to which it is addressed by SmoothAmbiguity. If you are not the intended recipient of this E-mail, you are hereby notified that any dissemination, distribution, copying, or action taken in relation to the contents of and attachments to this E-mail is strictly prohibited by SmoothAmbiguity and may be unlawful. If you have received this E-mail in error, please notify SmoothAmbiguity immediately and permanently delete the original and any copy of this E-mail and any printout. This message will self-destruct in your brain. This conversation never happened. Remember: loose lips sink tight ships. See also: SmoothAmbiguity. -----Original Message----- From: Brian Morrison To: smoothambiguity at aol.com Sent: Mon, 22 Sep 2008 12:32 pm Subject: Re: [OTR-users] multi-party OTR communications? (and other OTR details) smoothambiguity at aol.com wrote: > Umm, if I'm not mistaken, the spooky world of deniable encryption was supposed to bridge the gap for those of us who don't trust anyone.? Turning out to be harder than it seemed? It is hard. But having said that, even if you have authenticated the person you converse with, they may have a log, but there is no independent way to prove that what they logged is what you typed. Of course, that won't help if the other person is a law enforcement stooge and the establishment chooses to believe them over you. -- Brian -------------- next part -------------- An HTML attachment was scrubbed... URL: From les at abcrecycling.com Wed Sep 24 22:52:32 2008 From: les at abcrecycling.com (Les Elton) Date: Wed, 24 Sep 2008 19:52:32 -0700 Subject: [OTR-users] The use of OTR and basic MSN Messenger (not thrid party messengers) Message-ID: <48DA9A80.12258.16741D9@localhost> Hi Folks, I currently use OTR software with Trillian and it works great between my group of folks who use Third Party IM software. But, is there a way to intigrate OTR software with standard MSN Messenger ? A very large number of the folks I communicate with on a daily bases are MSN Messenger users. Thanks, Les Elton Network Admin., ABC Recycling Ltd http://www.abcrecycling.com From bdm at fenrir.org.uk Thu Sep 25 02:32:54 2008 From: bdm at fenrir.org.uk (Brian Morrison) Date: Thu, 25 Sep 2008 07:32:54 +0100 Subject: [OTR-users] The use of OTR and basic MSN Messenger (not thrid party messengers) In-Reply-To: <48DA9A80.12258.16741D9@localhost> References: <48DA9A80.12258.16741D9@localhost> Message-ID: <20080925073254.0fa4f019@peterson.fenrir.org.uk> On Wed, 24 Sep 2008 19:52:32 -0700 "Les Elton" wrote: > Hi Folks, > > I currently use OTR software with Trillian and it works great between > my group of folks who use Third Party IM software. But, is there a > way to intigrate OTR software with standard MSN Messenger ? No, that's what you get for using closed-source. > > A very large number of the folks I communicate with on a daily > bases are MSN Messenger users. If the OTR use is important, then encourage them to use Pidgin or similar instead for those uses it supports. -- Brian Morrison bdm at fenrir dot org dot uk "Arguing with an engineer is like wrestling with a pig in the mud; after a while you realize you are muddy and the pig is enjoying it." GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html