[OTR-users] Gaim plugin and archiving

Didier Frick didier at dfr.ch
Sun May 7 14:50:05 EDT 2006


OK, we clearly have different opinions ;)

On Sunday 07 May 2006 at 20:20 +0200, Moritz 'Morty' Strübe wrote:
> Didier Frick wrote:
> > ... 
> I do not agree with you. That's something different. The last point is
> about someone sniffing the traffic and getting your private keys (i.e.
> by force) and still not being able to decode anything. Logging is
> about the guy you're talking to. There is no _software_ that can tell
> you if you can trust him. 
> You have to trust him, that he's not logging. 

There _is_ software that can reasonably guarantee you the guy is not
logging by not allowing him to, unless he goes out of his way, which you
can't prevent anyway, I agree.

> You have to trust him that he keeps his computer free of spyware,
> etc.

That's where the "forward secrecy" comes into play: if his machine is
infected by spyware at time T:

a) if you're not logging, messages at times greater than T are
compromised
b) if you're logging and have been for a while, ALL logged messages from
the past are compromised

> Logging affects only the third statement anyway. And not even that,
> because you can always say that he edited the log with an editor.
> This stuff is all about "the others" not about the guy you're talking
> to.
> At least if I got it right. ;-)
> Morty

I'm still not convinced though: the "guy you're talking to"'s machine
can be compromised later by "the others" and the logged messages can be
retrieved.

To me "forward secrecy" means "the message you just sent cannot be
retrieved, ever, no matter what happens". OK, maybe it's not the
technical definition but I suspect it's the one most "end users" will
understand.

If you don't use logging, this condition is true thanks to 
the design of the OTR protocol. If you do use logging, this undermines
the protection offered by the OTR protocol, both for you and for the
party you're communicating with.




