[OTR-dev] mpOTR project
Gregory Maxwell
gmaxwell at gmail.com
Tue Dec 17 11:04:08 EST 2013
On Tue, Dec 17, 2013 at 7:41 AM, Ximin Luo <infinity0 at gmx.com> wrote:
> Haven't had time to read through the wiki yet, but just wondering, what are
> your ideas on deniability? Some of us want to drop this property because
> it's really not that strong[1], and requiring it makes other parts of the protocol
> harder / more complex. Also, we are being paid by a state entity to get all
> messages cryptographically signed. Because of this, we also intend to drop the name
> "mpOTR", on the basis that deniability and "off-the-record" can be misleading
> or a non-technical user.
I think it is unethical to offer chat protocols that silently create
cryptographic non-repudiation where none was requested or expected by
the user. The user thought they were increasing their security, but
in some cases they were actually decreasing it. Yes, it isn't that
strong against "strong" attacker who are "trustworthy" where people
would believe a fabricated log regardless, but that is only one class
of attacker many are not so easily trusted.
If you want to go and build a harmful thing— thats your business. But
why are you posting to the OTR mailing list?
More information about the OTR-dev
mailing list