<div> <font face="Arial, Helvetica, sans-serif">Umm, if I'm not mistaken, the spooky world of deniable encryption was supposed to bridge the gap for those of us who don't trust anyone. Turning out to be harder than it seemed?</font><br>
</div>
<div> <br>
</div>
<div id="sig2436" style="clear: both;"><font>-------------------------------------------------------------------------------<br>
This E-mail and any of its attachments may contain SmoothAmbiguity proprietary information, which is privileged, confidential, or subject to copyright belonging to SmoothAmbiguity. This E-mail is intended solely for the use of the individual or entity to which it is addressed by SmoothAmbiguity. If you are not the intended recipient of this E-mail, you are hereby notified that any dissemination, distribution, copying, or action taken in relation to the contents of and attachments to this E-mail is strictly prohibited by SmoothAmbiguity and may be unlawful. If you have received this E-mail in error, please notify SmoothAmbiguity immediately and permanently delete the original and any copy of this E-mail and any printout. This message will self-destruct in your brain. This conversation never happened. Remember: loose lips sink tight ships. See also: SmoothAmbiguity.</font></div>
<div> <br>
</div>
<div> <br>
</div>
-----Original Message-----<br>
From: Brian Morrison <bdm@fenrir.org.uk><br>
To: otr-users@lists.cypherpunks.ca<br>
Sent: Mon, 22 Sep 2008 12:19 pm<br>
Subject: Re: [OTR-users] multi-party OTR communications? (and other OTR details)<br>
<br>
<div id="AOLMsgPart_0_4b757b1a-6e27-4889-a462-269fde7f4e76" style="margin: 0px; font-family: Tahoma,Verdana,Arial,Sans-Serif; font-size: 12px; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">
<pre style="font-size: 9pt;"><tt>Ian Goldberg wrote:<br>
> On Mon, Sep 22, 2008 at 04:58:17PM +0100, Brian Morrison wrote:<br>
>> Ian Goldberg wrote:<br>
>><br>
>>> OTR offers the same level deniability as plaintext. But it also offers<br>
>>> strong authentication *during* the conversation. If you used<br>
>>> pidgin-encryption, for example, every message is digitally signed, which<br>
>>> would certainly give you *less* deniability than plaintext.<br>
>> I would say it has much higher deniability than plaintext, in the sense<br>
>> of "You said <thing>" whereas you can say "I said something, but you do<br>
>> not know what it was". The really important aspect is the ephemeral<br>
>> keys, so you can never recover the plaintext if neither party keeps<br>
>> logs. In the UK, with legally enforceable GAP (or GAK under duress as<br>
>> usually computers are seized) this is important as you can truthfully<br>
>> claim that you do not have, and never had, access to the session key. So<br>
>> intercepts don't work.<br>
> <br>
> That's true. Though I usually stick that under OTR's "confidentiality"<br>
> umbrella, not "deniability". Under "deniability", we include<br>
> protections against situations where the person you're talking to is<br>
> himself working against you.<br>
<br>
Yes, although that really is the ultimate human problem, you need to be<br>
sure of your co-conspirators....<br>
<br>
-- <br>
<br>
Brian<br>
_______________________________________________<br>
OTR-users mailing list<br>
<a __removedlink__580965938__href="mailto:OTR-users@lists.cypherpunks.ca">OTR-users@lists.cypherpunks.ca</a><br>
<a __removedlink__580965938__href="http://lists.cypherpunks.ca/mailman/listinfo/otr-users" target="_blank">http://lists.cypherpunks.ca/mailman/listinfo/otr-users</a><br>
</tt></pre>
</div>
<!-- end of AOLMsgPart_0_4b757b1a-6e27-4889-a462-269fde7f4e76 -->
<div id='u8CAEAE70B4D2D5C-DF0-1ACB' class='aol_ad_footer'><FONT style="color: black; font: normal 10pt ARIAL, SAN-SERIF;"><HR style="MARGIN-TOP: 10px">Find phone numbers fast with the <A title="http://yellowpages.aol.com/?NCID=emlweusyelp00000001" href="http://yellowpages.aol.com/?NCID=emlweusyelp00000001" target="_blank">New AOL Yellow Pages</A>!</FONT> </div>