[OTR-users] single pass deniable authentication

Ian Goldberg ian at cypherpunks.ca
Fri Aug 12 08:18:58 EDT 2005


On Thu, Aug 11, 2005 at 02:06:12PM -0700, CLAY SHENTRUP wrote:
> The fact that it can operate in a single
> pass might be helpful for offline messages that you still want
> to be secure and authenticated, but repudiable.
> Thoughts?  Opinions?

But it doesn't have perfect forward secrecy: if Bob's long-term
(for use while he's offline) keys are compromised, all past messages
to Bob get revealed.

There are lots of ways to do one-pass repudiable authentication; we
talked about one (ring signatures) in the original OTR paper.

   - Ian



More information about the OTR-users mailing list