On Tue, 19 Feb 2013 02:58:50 -0500 Alex <alex...@gmail.com> wrote:

> I never understood how the deniability aspect of OTR actually works.
> If you have a conversation with a "friend" who recently became an
> informant, how would OTR provide more deniability than an unencrypted,
> unsigned conversation?
>
> Sadly, I don't think the US government really cares if you have
> deniability, they'll do whatever they damn well please. :(

What the US gov (or any other snooper) does or doesn't do is irrelevant to the conversation in the sense this is just about best practices and mathematics which should apply to any adversary. OTR was never supposed to help if you are tortured into talking, I don't think.

At my first glance, OTR seems to mesh very well with the anonymity goals one would have when using Tor.

Well, I am trying to create a communication methodology for sparse groups of people. I was thinking of making OTR a part of the recommendation. You can see https://fairieunderground.info/node/133 for the full specs... using this method, PGP mail is the main authentication, and then OTR is used for actual communication since it uses temporary keys. Actually anything that actually provides strong authentication/encryption is used for scheduling "otr" conversations...or any other method that uses temporary encryption keys. This is an aid to forward secrecy, and is also an aid against traffic analysis. (Just knowing who is communicating with who and when.)

I was just reviewing whether or not OTR or TorChat meets forward security recommendations, which neither of them really do (so it seems). Perhaps I should just recommend to use some other side channel with throw-away PGP RSA asymmetric keys exchanged over authenticated PGP email. This would require posting encrypted PGP messages to some public forum, USENET group, or such.

For just an extra layer of security (and to get PFS) I am reluctant to exchange symmetric keys over PGP email...people are only so good at keeping cryptographic keys secure...so it has to be DH. OTR seems ideal for this model, if I felt better about its cryptographic strength.

Thanks,
Ileana