George Kadianakis: > (PS, maybe one day courts will *have* to take deniability > seriously. This might happen with time as technology gets even more > important and even more deniability-related cases get investigated. Or > it might happen if people try to *force* the courts to take > deniability seriously by forging conversations of people that the > courts want to protect. In any case, I wouldn't be surprised if > deniability is never taken seriously for "important" cases like the > one you cited.) >
Deniability is an important property. Any group chat protocol without deniability is sure to be a disaster for some person at some point. To make this discussion clearer I think two properties we specifically need to discuss when we discuss deniablity are repudiation and non-repudiation[0]. Courts *do* take digital signatures seriously. In some US States, digital signature laws make it a legally binding signature. With long term identity keys, we see that Thus if there is a chat protocol that uses signatures in a way that ensures non-repudiation, I believe we have case law, as well as actual digital signature law that makes such non-repudiation legally binding. It also seems clear that it would be hard to explain that either or any person in the chat could have forged it. If signatures may be checked by a third party after the fact, especially signatures that may only produced by the person in question, those signatures *will* be used against people. We know that something as lame as text logs will be used against people - we should strive to ensure that we don't cryptography enhance the logs and make such a task easier. With non-repudiation, transcripts and chat room fragmentation become a serious social as well as a serious security problem. Some multi-party chat protocols likely have this problem already and we shouldn't encourage more protocols to have this flaw. All the best, Jacob [0] https://en.wikipedia.org/wiki/Non-repudiation _______________________________________________ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
