On Fri, Dec 12, 2014 at 10:23 AM, Trevor Perrin <[email protected]> wrote:
>
> First, I don't think this needs to be explained to users, because it's
> not a change from what they're used to. On the contrary, having
> signed, hard-to-disavow traces of conversations lying around seems
> like a significant and surprising change. I'd be much more worried
> about explaining *that* to users.
>

This is a very important point regardless of whether deniability has any legal value (who knows? untested. etc...). Deniability is a security property of unencrypted communication which is easy for users to understand and on which they depend every time they communicate with somebody they are unable to trust to not maliciously leak their private conversation to third parties. It's a component of risk evaluation in situations where you're unsure about the intentions of the other party.

It seems rather unfair (maybe even hostile) to users to sell them on purported 'secure' communication protocols which are in some ways inferior and actually less secure than not using them because an obvious intuitive property of clear text communication has been undermined in a way we can't even explain to them.

If deniability was impossible or impractical to achieve then I guess we'd have to then figure out how to effectively warn users about how cryptography complicates repudiation, but since we do know how to design for deniability then we should do that obviously. Yes?

--b

_______________________________________________
Messaging mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/messaging
