[OTR-dev] mpOTR protocol phases and research questions
Greg Troxel
gdt at ir.bbn.com
Wed Oct 23 13:13:42 EDT 2013
Trevor Perrin <trevp at trevp.net> writes:
> Deniability is achieved because any party could forge records of
> communication with other parties that a 3rd-party judge could not,
> post-facto, cryptographically distinguish from actual records.
>
> Because such forgery is possible, "malleablility" of transcripts isn't
> necessary, and the OTR / mpOTR rigamarole around "modifiable
> transcripts" and publishing signing/MAC keys becomes unnecessary. If
> you can *forge* transcripts from scratch, there's no need to modify
> existing ones.
It seems that the hard property is to simultaneously achieve:
deniability
authentication to the counterparty in real time
confidentiality, which means more than encryption, but also being
sure that you are encrypting in a key that only the authorized
counterparty has
It seems that OTR does all of this, and I don't understand how you
propose to get the second two properties with unsigned DH.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
URL: <http://lists.cypherpunks.ca/pipermail/otr-dev/attachments/20131023/cc2617db/attachment.pgp>
More information about the OTR-dev
mailing list