On Mon, 2007-02-05 at 12:15 +0200, Shachar Shemesh wrote: > Deniability and signature are, as far as I can see, mutually > exclusive.
I wonder how "Off-the-record" ( http://www.cypherpunks.ca/otr/ ) works then. I'm not a cryptology expert, but I can tell you that it allows people to IM each other, has some sort of method where you authenticate that you know that a certain key belongs to a certain someone and then it assures you that its the same someone for all additional conversations, and their web site claims as thus: Encryption No one else can read your instant messages. Authentication You are assured the correspondent is who you think it is. Deniability The messages you send do not have digital signatures that are checkable by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured the messages he sees are authentic and unmodified. Perfect forward secrecy If you lose control of your private keys, no previous conversation is compromised. It seems like they claim both deniability and and assurance (which is what you get from signing, except w/o the signing part) at the same time. -- Oded ::.. If a train station is where the train stops, what is a work station? ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]