[OTR-users] otr docs update for https://otr.cypherpunks.ca/help/4.0.0/levels.php?lang=en
Greg Reagle
reagle at cepr.net
Fri Apr 17 13:11:27 EDT 2015
So my suggestion is an asterisk by the word "assured", "impostor", and
"confident", and put the the following text at the bottom with the
asterisk.
* Regarding this "confidence", this document was written with a specific
threat model assumed, but in the real world, there are vulnerabilities.
If Mallory can get access to Bob's private key (which is stored in a
file on his hard drive un-encrypted), then Mallory can impersonate Bob
and fool people into thinking they are securely talking to Bob, when
they are talking to Mallory, even though their program claims that the
conversation is private and Bob has been authenticated. Mallory could
get Bob's secret key by gaining physical access to his computer, or by
hacking into his computer with spy-ware, or by exploiting OS or other
vulnerabilities. Complete endpoint security is beyond the scope of this
document, and beyond the scope of OTR.
--
Greg Reagle
System & Network Administrator
Center for Economic and Policy Research
reagle at cepr.net
More information about the OTR-users
mailing list