[OTR-users] List of OTR-aware software
Ian Goldberg
ian at cypherpunks.ca
Wed Jun 25 23:14:06 EDT 2008
On Wed, Jun 25, 2008 at 04:51:29PM +0200, db wrote:
> Why do you want to be able to deny what you have written/said to
> friends/colleges? Besides, OTR can not live up to this promise in a
> more European legal system where courts typically can consider any
> type of evidence/they are free to sift evidence at their will (e.g.,
> if you have backup copies of logs that are several years old, and
> these backups pre-dates a court case with a good margin, and these
> copies are identical to the logs in you IM client most court would
> consider these logs strong evidence).
This is a common misconception: OTR of course can't provide *more*
deniability than plaintext. If an unauthenticated plaintext transcript
of your IM conversation is admissible in court, the OTR logs would be as
well.
What OTR gives you is that you don't get *less* deniability, while at
the same time you get strong authentication. That is, you know it
really was Bob who sent you that message, but there's no mathematical
proof of that fact. Contrast pidgin-encryption, for example, where
every message is digitally signed.
The advantage of using OTR over, say, Jabber+SSL is that OTR is
end-to-end. With Jabber+SSL, the Jabber server has to be trusted not to
read and/or modify your messages.
- Ian
More information about the OTR-users
mailing list