On Mon, 24 Jun 2019 at 20:46, Florian Schmaus <[email protected]> wrote:
> On 24.06.19 19:04, Ненахов Андрей wrote: > > пн, 24 июн. 2019 г. в 21:59, Georg Lukas <[email protected]>: > >> 1. I'd like to see certain fields of the <content/> being REQUIRED, > >> especially: > >> > >> - the from address > > > > So much for deniability. > > You usually only need 'from' if you also sign the data, and then > deniability is already gone. And if you do not sign the data, then the > 'from' attribute carries no meaning and is actually harmful because an > erroneous implementations could assume its value is genuine. > I think if you encrypt the data without a way to identify the sender, it's not very interesting. But a system that encrypts, and then signs, as distinct steps would mean that an attacker could resign a message, so a "from" might be useful there. But in no case does this mean deniability is affected. It might mean anonymity is, though, in MUC for example. Dave.
_______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: [email protected] _______________________________________________
