[OTR-users] Google Alert : How to keep instant messaging off the record
Paul Wouters
paul at xelerance.com
Mon Oct 17 23:46:24 EDT 2005
On Mon, 17 Oct 2005, Aldert J.B.P. Hazenberg wrote:
> Google pointed me today at :
> http://internet.newsforge.com/internet/05/10/07/1521221.shtml?tid=13
He got some minor errors though:
> Deniable authentication means that, while Bob is talking to Alice, he's
> assured that he really is talking to Alice, and not an imposter. However,
> Bob cannot turn around and prove to Charlie that he's talking to
> Alice. The key here is that all the messages between Alice and Bob come
> with proof that they were written by either Alice or Bob, but you can't
> tell which. When Bob gets such a message, he knows that he didn't write
> it, so it must have been written by Alice. But if Bob shows this message
> to Charlie, Charlie has no reason to believe Alice wrote it, since Bob
> could have written it himself.
He got it wrong here though :(
(deniability is in the fact that *afterwards* anyone can "encrypt" messages
with the 'leaked' the old keys, so *anyone* who sniffed the communications
(not just alice or bob) could forge messages in the past (but not read any)
He also tried to run gaim with otrproxy, which is kinda weird.
Paul
--
"Happiness is never grand"
--- Mustapha Mond, World Controller (Brave New World)
More information about the OTR-users
mailing list