[OTR-users] Can't enable logging with 4.0.0
Gregory Maxwell
gmaxwell at gmail.com
Wed Sep 5 12:02:04 EDT 2012
On Wed, Sep 5, 2012 at 10:37 AM, Brian Morrison <bdm at fenrir.org.uk> wrote:
> On Wed, 5 Sep 2012 09:12:53 -0500
> Karen Trudeau <karen.trudeau at gmail.com> wrote:
>
>> Any suggestions?
>
> I don't know what the developers decided to do after a discussion
> about this on the list a while ago, but for this new version with OTR
> active you must override the default no logging policy on each and
> every occasion you use it.
I hope not, because the intuitive fix to thos is to not use OTR which
is a clear regression.
> Having a log makes you vulnerable to seizure and search in
> jurisdictions that allow it, the point of OTR is to make conversations
> deniable and having them logged in plain text defeats that deniability
> instantly.
Hogwash. OTR avoids cryptographically non-reputable authentication.
But nothing can stop something from logging the traffic/cryptographic
keys/ removing this misfeature (hopefully bug). A log on disk is as
reputable as any other plaintext, which is the goal.
I ca n see value it having some mode for cooperating clients to signal
logging or coordinate disabling it. But if it makes it so people
can't comfortably use OTR by default on every conversation without
inconvenience even "when they have noting to hide" it's a major
security/safety regression.
More information about the OTR-users
mailing list