[OTR-dev] Clever logging for weechat_otr plugin (+ log management discussion)
Michael Rogers
michael at briarproject.org
Thu Mar 14 12:35:22 EDT 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 14/03/13 15:04, Thijs Alkemade wrote:
> End-to-end encryption and confidentiality are orthogonal features,
> in my opinion.
>
> In my browser, I try to maximize the usage of SSL. Banking
> information or login credentials being stolen are dangerous
> problems that I want to avoid.
>
> On the other hand, I have private browsing/incognito mode for those
> websites I would not want to keep around in my browser history.
>
> I don't find it necessary to require both at the same time: I'm
> happy with my browser suggesting my bank from my history (hey,
> saves me the risk of some typos) and I'm fine with private browsing
> happening without SSL, if that's not available.
>
> I think the situation for OTR and logging is exactly the same: I
> use OTR if I don't want my conversations to be read by Google,
> Microsoft or the US government. I'm not using OTR to be able to
> pretend that the conversation never took place. But when I do want
> that, I make a separate, concious, decision to also turn logging
> off.
When I say "confidentiality", I mean that the content of the
conversation is concealed from third parties. I'm not talking about
concealing the fact that a conversation between two parties has taken
place.
Logging undermines confidentiality by keeping a record of the content
of the conversation that may later be obtained by third parties. Some
people may decide that the usefulness of having a record outweighs the
risk of the record being exposed. But I'm arguing that today, when
using OTR is an uncommon choice indicating a desire for
confidentiality and/or deniability, and when keeping logs confidential
involves making other uncommon choices such as disk encryption, we
should conservatively assume that the risk of keeping a record
outweighs the usefulness, unless told otherwise.
In the future, OTR and disk encryption may be commonly used, in which
case a different default may make sense.
Cheers,
Michael
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBAgAGBQJRQfxKAAoJEBEET9GfxSfMFVQH/RMUBKts6HuUiRVAny8Ui29T
WHJYWiujZzkS1Z4bAT7yAmCxkzaZSAXYY3xQzJlbMwMct+rsC4vFpe72+DY6Gsx4
JVmBPHGYCKFbP85ZGVg2Bq6ENN3Fju7avcBpArG4tw3GofgWF6V2ImXuyP79MbWc
K5jHQVhQkx0fgd+vNIHx/MXx9BP8URU6qZTa86Jk7C5ZJ+MfpU16pRLyxg/8ovc0
0gBsDrFM02GgwNryTd/WFic+ir8wK+u0qTeEfM55Mhtaacn9Z2USNt3YrKc0WEAU
3dliWj6lf+dX+hYWhRnh6SOIa14C7+h3FqWd1QDEGFKEU2+IC+DGuXlVB37CuaU=
=SwMr
-----END PGP SIGNATURE-----
More information about the OTR-dev
mailing list