Hi, I'm studying the mpOTR design and would have some questions regarding algorithm 4 and some other questions regarding chapter 3.2.3 of the paper: http://www.cypherpunks.ca/~iang/pubs/mpotr.pdf
- Is denAKE(A,B) equal or similar to the OTR protocol? (if that is not the case where can I find more information about denAKE) - Is k the encryption key and km the key for the MAC? - If that is the case, why is km in line 4 (Send(B, SymEnc(Sign())..)) used if there is no MAC (just SymEnc)? Regarding the deniability in the case where a judge forces participants of a chat session (c1) to disclose their long term private keys: From chapter 3.2.3: " Our privacy requirement is stronger than the settings presented in [11, 12] because J must not be able to distinguish between Alice’s transcripts and forgeries even if J gets Alice’s long-term secrets. " later on: " We accept that users cannot convincingly deny their static secrets in order to achieve a less compli- cated protocol. The users can still deny taking part in any fixed chatroom and the content of messages that they sent. " My question: Is this last sentence true, even if a judge gets the long-term keys of all participants of a given chat session, or was the requirement in chapter 3.2.3 sacrified for a "less complicated" design? I found some slides of talk at CCS: http://goliath.cs.ucdavis.edu/~matt/pubs/mpotr-ccs09/mpotr-ccs09-slides.pdf Does someone know if this talk is available somewhere? kind regards, Christoph
signature.asc
Description: OpenPGP digital signature
_______________________________________________ OTR-users mailing list OTR-users@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-users
