On Wed, Sep 5, 2012 at 10:37 AM, Brian Morrison <[email protected]> wrote: > On Wed, 5 Sep 2012 09:12:53 -0500 > Karen Trudeau <[email protected]> wrote: > >> Any suggestions? > > I don't know what the developers decided to do after a discussion > about this on the list a while ago, but for this new version with OTR > active you must override the default no logging policy on each and > every occasion you use it.
I hope not, because the intuitive fix to thos is to not use OTR which is a clear regression. > Having a log makes you vulnerable to seizure and search in > jurisdictions that allow it, the point of OTR is to make conversations > deniable and having them logged in plain text defeats that deniability > instantly. Hogwash. OTR avoids cryptographically non-reputable authentication. But nothing can stop something from logging the traffic/cryptographic keys/ removing this misfeature (hopefully bug). A log on disk is as reputable as any other plaintext, which is the goal. I ca n see value it having some mode for cooperating clients to signal logging or coordinate disabling it. But if it makes it so people can't comfortably use OTR by default on every conversation without inconvenience even "when they have noting to hide" it's a major security/safety regression. _______________________________________________ OTR-users mailing list [email protected] http://lists.cypherpunks.ca/mailman/listinfo/otr-users
