On Tue, 07-03-2006 at 14:49 -0800, Justin Karneges wrote:
> On Tuesday 07 March 2006 14:12, Peter Saint-Andre wrote:
> > So the repudiability and perfect forward security aspects of OTR don't give
> > me much comfort in the real world.

The thing is that in the real world the cryptography will only be considered seriously if it is understood, and I guess lawyers do not understand it properly. As an example, in my country (Spain) a few years ago (10 years maybe?) a teenager was in court because he made a port scan of a bank (is it such a big deal?!?!), and the judge was there asking: he made a what? a scan port? the computer has ports? what is it, like a dock? Come on, free him. Although that is true (exaggerated, but it happened like I said), if I persist in saying "no, I did not send that email saying Blablabla", a lawyer will never find a way to prove that I'm telling a lie, and of course if he asks a cryptographer he will never say "this is 100% secure", so the "non-repudiability" doesn't look to fit properly in the "real world"... unfortunately...

>
> Exactly.
>
> Interesting of you to bring up forward secrecy here. I believe that's where
> if your public key is compromised, your past session keys aren't. TLS has
> this (and probably SSH also), and I'd consider this to be a generally useful
> feature. However, in the context of IM, where you're sending your content to
> another party with a large chance of it being logged, forward secrecy seems
> to be a lot less useful.
>
> -Justin
