[OTR-dev] OTR Deniability (was: otr dh key encryption)
Kjell Braden
kb at pentabarf.de
Tue Feb 19 05:20:04 EST 2013
On 2013-02-19 08:58, Alex wrote:
> I never understood how the deniability aspect of OTR actually works. If
> you have a conversation with a "friend" who recently became an
> informant, how would OTR provide more deniability than an unencrypted,
> unsigned conversation?
During an OTR session, the protocol frequently renews the session keys.
Meanwhile, old keys will be revealed to the other party.
In my understanding this means that after a session, one party could
forge messages from the other party, which means that, in court, each
party could claim the other party forged the (allegedly authenticated)
messages they try to use as proof.
> Sadly, I don't think the US government really cares if you have
> deniability, they'll do whatever they damn well please. :(
If the judge doesn't care about the encryption/authentication but
instead just sees proof in screenshots from chat logs, it doesn't really
matter if you used OTR (i.e. deniability), PGP (i.e. non-repudiation) or
no encryption at all.
--
Kjell
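As an added illustration (not part of the thread or of the OTR code), a constructed Python sketch of the point above: the OTR message MAC key is symmetric and later revealed, so a valid tag shows only that someone holding the key produced the message, not which party. The key derivation, message texts and key values are made up for the example.

```python
import hashlib
import hmac
import os

# Constructed illustration of OTR-style deniability. Both parties derive the
# same symmetric MAC key from the DH shared secret, and OTR reveals retired
# MAC keys in later messages, so a tag cannot prove authorship to a third
# party. Derivation and values are constructed, not real OTR output.

def derive_mac_key(shared_secret: bytes) -> bytes:
    # Both ends derive the same MAC key from the shared secret (constructed KDF).
    return hashlib.sha256(b"mac" + shared_secret).digest()

def tag(mac_key: bytes, message: bytes) -> bytes:
    return hmac.new(mac_key, message, hashlib.sha256).digest()

def verify(mac_key: bytes, message: bytes, t: bytes) -> bool:
    return hmac.compare_digest(tag(mac_key, message), t)

def session_demo() -> dict:
    shared_secret = os.urandom(32)   # constructed: stands in for the DH result
    mac_key = derive_mac_key(shared_secret)

    # Alice sends an authenticated message; Bob checks it with the same key.
    msg_alice = b"meet at 9"
    t_alice = tag(mac_key, msg_alice)
    bob_accepts = verify(mac_key, msg_alice, t_alice)

    # Bob holds the identical key, so he can produce an equally valid tag on
    # a message Alice never sent. Once OTR publishes the retired MAC key,
    # anyone who recorded the session can do the same.
    msg_forged = b"meet at 10"
    t_forged = tag(mac_key, msg_forged)
    revealed_key = mac_key           # OTR reveals old MAC keys after rotation

    # A third party examining the transcript with the revealed key sees two
    # messages that verify identically and cannot tell real from forged.
    return {
        "bob_accepts": bob_accepts,
        "forged_verifies": verify(revealed_key, msg_forged, t_forged),
        "indistinguishable": verify(revealed_key, msg_alice, t_alice)
        and verify(revealed_key, msg_forged, t_forged),
    }

if __name__ == "__main__":
    print(session_demo())
```

Contrast this with a PGP signature, which only the signing key's holder can produce and therefore does let a third party attribute the message.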