[OTR-users] multi-party OTR communications? (and other OTR details)

Ian Goldberg ian at cypherpunks.ca
Mon Sep 22 12:09:20 EDT 2008


On Mon, Sep 22, 2008 at 04:58:17PM +0100, Brian Morrison wrote:
> Ian Goldberg wrote:
> 
> > OTR offers the same level of deniability as plaintext.  But it also offers
> > strong authentication *during* the conversation.  If you used
> > pidgin-encryption, for example, every message is digitally signed, which
> > would certainly give you *less* deniability than plaintext.
> 
> I would say it has much higher deniability than plaintext, in the sense
> of "You said <thing>" whereas you can say "I said something, but you do
> not know what it was". The really important aspect is the ephemeral
> keys, so you can never recover the plaintext if neither party keeps
> logs. In the UK, with legally enforceable GAP (or GAK under duress as
> usually computers are seized) this is important as you can truthfully
> claim that you do not have, and never had, access to the session key. So
> intercepts don't work.

That's true.  Though I usually stick that under OTR's "confidentiality"
umbrella, not "deniability".  Under "deniability", we include
protections against situations where the person you're talking to is
himself working against you.

   - Ian


