[OTR-users] multi-party OTR communications? (and other OTR details)

smoothambiguity at aol.com smoothambiguity at aol.com
Mon Sep 22 12:26:04 EDT 2008


Umm, if I'm not mistaken, the spooky world of deniable encryption was supposed to bridge the gap for those of us who don't trust anyone. Turning out to be harder than it seemed?

-------------------------------------------------------------------------------
This E-mail and any of its attachments may contain SmoothAmbiguity proprietary information, which is privileged, confidential, or subject to copyright belonging to SmoothAmbiguity. This E-mail is intended solely for the use of the individual or entity to which it is addressed by SmoothAmbiguity. If you are not the intended recipient of this E-mail, you are hereby notified that any dissemination, distribution, copying, or action taken in relation to the contents of and attachments to this E-mail is strictly prohibited by SmoothAmbiguity and may be unlawful. If you have received this E-mail in error, please notify SmoothAmbiguity immediately and permanently delete the original and any copy of this E-mail and any printout. This message will self-destruct in your brain. This conversation never happened. Remember: loose lips sink tight ships. See also: SmoothAmbiguity.

-----Original Message-----
From: Brian Morrison <bdm at fenrir.org.uk>
To: otr-users at lists.cypherpunks.ca
Sent: Mon, 22 Sep 2008 12:19 pm
Subject: Re: [OTR-users] multi-party OTR communications? (and other OTR details)

Ian Goldberg wrote:
> On Mon, Sep 22, 2008 at 04:58:17PM +0100, Brian Morrison wrote:
>> Ian Goldberg wrote:
>>
>>> OTR offers the same level of deniability as plaintext.  But it also offers
>>> strong authentication *during* the conversation.  If you used
>>> pidgin-encryption, for example, every message is digitally signed, which
>>> would certainly give you *less* deniability than plaintext.
>> I would say it has much higher deniability than plaintext, in the sense
>> of "You said <thing>" whereas you can say "I said something, but you do
>> not know what it was". The really important aspect is the ephemeral
>> keys, so you can never recover the plaintext if neither party keeps
>> logs. In the UK, with legally enforceable GAP (or GAK under duress as
>> usually computers are seized) this is important as you can truthfully
>> claim that you do not have, and never had, access to the session key. So
>> intercepts don't work.
> 
> That's true.  Though I usually stick that under OTR's "confidentiality"
> umbrella, not "deniability".  Under "deniability", we include
> protections against situations where the person you're talking to is
> himself working against you.

Yes, although that really is the ultimate human problem, you need to be
sure of your co-conspirators....

-- 

Brian
_______________________________________________
OTR-users mailing list
OTR-users at lists.cypherpunks.ca
http://lists.cypherpunks.ca/mailman/listinfo/otr-users



 
