[OTR-users] List of OTR-aware software

Lou Springer lou at louspringer.com
Wed Jun 25 11:50:16 EDT 2008


Brian,

Speaking for myself, the message content encryption is sufficient for  
my *current* needs. I also occasionally need the logs for the message  
content as db has outlined. My diminishing 52 year old memory requires  
the augmentation.

The core requirement for OTR as you have outlined it is interesting,  
and I was unaware of this important distinction between OTR and  
conventional encryption like SSL. I personally have no *current* need  
for it. However, I would *strongly* stipulate it is an important and  
necessary capability, and would never suggest otherwise.

I should say I'm not a big fan of anonymity in normal civil discourse,  
in person or on the web, particularly as a default mode of operation.  
However, there are unfortunately times and circumstances for it.

The inherent tendency of all things on the web to be recorded in much  
greater mind-numbing totality does distinguish web communication from  
normal public discourse. It's rare that public conversations and phone
calls are recorded unbeknownst to the participants. The same can't be
said for email, chat and browsing behavior, which I always assume are
meticulously recorded in every detail for all time, good, bad or
otherwise.

Lou

On Jun 25, 2008, at 9:14 AM, Brian Morrison wrote:

> db wrote:
>> On Thu, Jun 19, 2008 at 8:59 PM, Michael Reichenbach
>> <michael_reichenbach at freenet.de> wrote:
>>> There are also already nice articles in the wiki.
>>> http://en.wikipedia.org/wiki/Off-the-Record_Messaging
>>> http://en.wikipedia.org/wiki/Comparison_of_instant_messaging_clients
>>
>> In this article you can read
>>
>>> The primary motivation behind the protocol was providing  
>>> deniability for the conversation participants while keeping  
>>> conversations confidential, like a private conversation in real  
>>> life, or off the record in journalism sourcing. This is in  
>>> contrast with the majority of cryptography tools which resemble  
>>> more a signed writing on paper, which can be used, at a later  
>>> date, as a tool to demonstrate that the communication happened,  
>>> who participated in it, and about what it was. Unfortunately, in  
>>> most cases people using ordinary cryptography software are not  
>>> aware of this and in most cases they would be better served by OTR  
>>> tools instead. Hence the initial introductory paper was named
>>> "Off-the-Record Communication, or, Why Not To Use PGP".[1]
>>
>> I really don't understand the purpose with OTR in any regular context.
>> Why do you want to be able to deny what you have written/said to
>> friends/colleagues? Besides, OTR can not live up to this promise in a
>> more European legal system where courts typically can consider any
>> type of evidence/they are free to sift evidence at their will (e.g.,
>> if you have backup copies of logs that are several years old, and
>> these backups pre-date a court case with a good margin, and these
>> copies are identical to the logs in your IM client most courts would
>> consider these logs strong evidence).
>
> If you are using OTR, you should not be keeping any logs. The point is
> plausible deniability. If the keys are ephemeral, then the content of
> your conversations is protected from compromise because *any* plaintext
> can result from ciphertext protected with an unknown and unknowable key.
> It makes no difference whether the authorities have your intercepted
> ciphertext, it could say anything and all they can assume from it is
> some kind of association with another person, they cannot prove anything
> and you cannot be forced to compromise or incriminate yourself because
> you do not have the session key(s) at the time or later.
>
>>
>> The only reasonable use for OTR is in contexts such as in Tibet. A
>> typical user in a democratic society is probably much more interested
>> in the type of confidentiality you are used to when you do online
>> banking - that is, prevention of eavesdropping.
>
> Everyone should take all possible steps to protect their private
> conversations, privacy is the root of a civilized society, no one else
> has any rights to know what I am talking about with anyone else. That
> especially includes governments and their agents, just because they can
> monitor electronic communication does not mean that it should be any
> easier for them than recording and transcribing every voice conversation
> taking place in the entire country.
>
>>
>> In my case OTR even caused a lot of headache since most of my chat
>> logs are trivial and I like to store them in my gmail account. Now I
>> just have a lot of encrypted logs I never will be able to decode =
>> phone numbers to friend's friends, e-mail addresses etc are lost
>> forever.
>
> Then don't store these important pieces of information in these logs
> that you should not be keeping anyway, extract it and save it
> separately. But remember that it might be incriminating in itself.
>
> I'm very puzzled as to why you're using OTR, it appears to not do what
> you want at all.
>
> -- 
>
> Brian