On 05/12/13 23:17, Daniel Kahn Gillmor wrote:
> On Fri 2013-11-29 12:59:56 -0500, Ximin Luo wrote:
>> On 29/11/13 16:55, Daniel Kahn Gillmor wrote:
>>> https://www.calyxinstitute.org/events/multiparty-otr-and-deniability
>>
>> Unfortunately I'm nowhere nearby, but would be interested in any materials
>> you guys might release afterwards!
>
> Here's my writeup of the meeting:
>
> https://www.debian-administration.org/users/dkg/weblog/104
>
> To be clear, this kind of deniability means Alice can correctly say "you have
> no cryptographic proof I said X", but it does not let her assert "here is
> cryptographic proof that I did not say X" (I can't think of any protocol that
> offers the latter assertion).

I can add a third form of "deniability" (or "repudiability", to match the terminology for signatures). From the strongest to the weakest, these are:

1. "I strongly prove the negative" - I can strongly prove that I did not say X, what you mentioned. Intuitively, this seems impossible.
2. "I strongly negate any proof" - any proof (strong or weak) is hard to find/construct (similar to what steganography does). This would include all sorts of metadata, such as how I send the data, the timing of me sending the data, who I send it to, who it appears to come from, and probably many more things I can't think of right now.
3. "I negate any strong proof" - no strong proof exists, what OTR provides.

(3) is what OTR provides, (1) is what you said, but (2) I think might theoretically be possible, albeit costly - e.g. by running over Tor, using short-lived identities, etc. I don't know of any technology that does this, but it is a much easier goal than (1).

> Comments and feedback welcome.
>
> From my writeup:
>
>>>> My takeaway from the discussion is that the legal utility of OTR's
>>>> deniability is non-zero, but quite low; and that development energy
>>>> focused on deniability is probably only justified if there are very
>>>> few costs associated with it.
>
> Ximin wrote:
>> I am hesitating even bringing it up in the next cryptoparty session I
>> will do, because compared to the other properties, it's quite shaky,
>> and might just confuse the audience when I talk about the many caveats
>> like the ones above.
>
> Yep, i understand where you're coming from on this.
>
> --dkg
>

--
GPG: 4096R/1318EFAC5FBBDBCE
git://github.com/infinity0/pubkeys.git
_______________________________________________
OTR-users mailing list
OTR-users@lists.cypherpunks.ca
http://lists.cypherpunks.ca/mailman/listinfo/otr-users