On 2014.12.10 15.52, Ximin Luo wrote:
> Yes, deniability won't prove the lack of authorship in legal
> settings, because in current systems there's lots of other
> evidence that suggests (or "proves-in-court") authorship. However,
> once we have systems that provide unlinkability, then deniability
> becomes more useful - so better to build it in now.

By which mechanism does it become more useful?

> I don't understand the source of this perception that people have
> "been wasting time" on it, though. The delay in doing end-to-end
> group chat hasn't been because of deniability, but other more
> structural issues around the fact that it's a group chat.

Interesting. It's my understanding (and apologies if I'm wrong on
this) that the complexity around deniability rules out a large number
of possible solutions that provide the other set of properties we
might like. The question I asked on libtech was about where
requirements were sourced from and, for instance, the work that was
done in providing deniability in (n+1)sec without providing any kind
of moderator-kick ability at the protocol level, the former not being
something we see any field demand for and the latter being absolutely
critical in most real uses.

> Generally, we want to have the maximum security for ourselves -
> which includes the inability for our recipients to prove to 3rd
> parties that we sent a message. So this should be the "default"
> security property to aim for.

No, we want to have the set of security properties that have proven
field utility and we can roll back from there. I agree with the logic
of this paragraph, but not your evaluation of the starting point.

> As per the OP's situation, sometimes it could be useful to set up
> an additional social contract along the lines of "I don't want to
> talk to you unless you give me the ability to prove to 3rd parties
> that you said this", we can easily do it on top of a deniable
> system - by signing everything again inside the deniable channel.
> But we can't build deniability on top of signatures. So it's best
> to start off with deniability as the base security property for a
> channel.
>
> TL;DR: yes deniability is not useful legally (currently), but it's
> still useful for other reasons.

You have not in fact done anything other than handwave in this
direction.

E.

-- 
Ideas are my favorite toys.

_______________________________________________
Messaging mailing list
Messaging@moderncrypto.org
https://moderncrypto.org/mailman/listinfo/messaging
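
The layering mentioned in the quoted text ("signing everything again inside the deniable channel"), as an added example that is not part of the original thread or of any project discussed in it. It assumes a channel authenticated only by an HMAC key shared by both peers, and uses a Lamport one-time signature as a standard-library stand-in for a real signature scheme; the names Alice and Bob and all messages are constructed.

```python
import hashlib, hmac, secrets

def mac_tag(shared_key: bytes, msg: bytes) -> bytes:
    """Channel authentication: anyone holding shared_key can compute this."""
    return hmac.new(shared_key, msg, hashlib.sha256).digest()

def verify_mac(shared_key: bytes, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(shared_key, msg), tag)

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def _bits(msg: bytes) -> list:
    digest = _h(msg)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_keygen():
    """One-time key: 256 secret pairs; the public key is their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(_h(a), _h(b)) for a, b in sk]
    return sk, pk

def lamport_sign(sk, msg: bytes) -> list:
    # Reveal one secret per digest bit. Each key must sign only ONE message.
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]

def lamport_verify(pk, msg: bytes, sig) -> bool:
    bits = _bits(msg)
    return len(sig) == 256 and all(
        hmac.compare_digest(_h(s), pk[i][bits[i]]) for i, s in enumerate(sig))

def demo() -> dict:
    key = secrets.token_bytes(32)          # known to Alice AND Bob
    sk_alice, pk_alice = lamport_keygen()  # secret half held by Alice only
    said = b"constructed sample: what Alice sent"
    never = b"constructed sample: what Alice never sent"
    sig = lamport_sign(sk_alice, said)     # carried inside the MAC'd channel
    return {
        # Bob can MAC anything himself, so a valid tag convinces no third party.
        "bob_forged_mac_verifies": verify_mac(key, never, mac_tag(key, never)),
        # The inner signature checks out under Alice's public key alone...
        "signature_transfers": lamport_verify(pk_alice, said, sig),
        # ...and cannot be moved onto a message Alice did not sign.
        "signature_on_other_msg": lamport_verify(pk_alice, never, sig),
    }

if __name__ == "__main__":
    print(demo())
```

The reverse direction is what the quoted text says cannot be built: once a message carries a signature under Alice's key, no outer layer removes the recipient's ability to show it to a third party.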