On Mon, 2007-02-05 at 17:55 +0200, Peter wrote:
> On Mon, 5 Feb 2007, Alon Altman wrote:
>
> > On Mon, 5 Feb 2007, Oded Arbel wrote:
> >>
> >> It seems like they claim both deniability and assurance (which is
> >> what you get from signing, except w/o the signing part) at the same
> >> time.
> >
> > I think that the trick is to give the other party the signing key right
> > after you signed the message.
>
> The usual trick with just-on-time crypto like that is to use a
> public/private key system to generate and exchange a unique key to be
> used just for that session, and then destroy it.

Problem - it maintains authentication across sessions: when at first I
talk with someone, I get a crypto thumbprint that I need to verify
manually that it belongs to the person I'm supposed to be talking to (for
example - by phone). After I do that once, whenever I talk with the same
person, I am assured that it's the same person.

That doesn't work with simple session-only encryption, and what I don't
understand is how they both offer assurance and deniability, if the next
time I'm talking with the same guy I can be assured of his identity but
he can later claim that it wasn't him.

--
Oded
::..
"It's sort of a threat, you see. I've never been very good at them
myself, but I'm told they can be very effective."
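
A sketch of how assurance and deniability can coexist, added here as an illustration (it is not from the thread and not the code of the program being discussed). It assumes messages are authenticated with a MAC under a session key that both parties hold; `session_key` stands in for the output of a key exchange authenticated by the manually verified long-term keys, and all names and messages are constructed.

```python
import hashlib
import hmac
import secrets


def mac(key: bytes, msg: bytes) -> bytes:
    """Shared-key authentication tag (HMAC-SHA256)."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    """Constant-time check that tag authenticates msg under key."""
    return hmac.compare_digest(mac(key, msg), tag)


def run_session() -> dict:
    # Assumption: this key came out of a key exchange that was itself
    # authenticated with the long-term keys whose fingerprints the two
    # parties checked once (e.g. by phone). Only Alice and Bob hold it.
    session_key = secrets.token_bytes(32)
    results = {}

    # Alice -> Bob (constructed message).
    msg = b"meet at 18:00"
    tag = mac(session_key, msg)

    # Bob's view: the tag is valid and he knows he did not write the
    # message himself, so it came from Alice. That is the assurance.
    results["bob_accepts"] = verify(session_key, msg, tag)

    # Someone without the key who alters the message in transit is caught.
    results["tamper_detected"] = not verify(session_key, b"meet at 19:00", tag)

    # A third party's view: Bob holds the same key, so he can tag words
    # Alice never sent. A valid tag therefore proves nothing to outsiders.
    forged = b"Alice: I owe Bob 1000 NIS"
    results["bob_can_forge"] = verify(session_key, forged, mac(session_key, forged))

    # The "give the key away afterwards" step: once the session is over the
    # MAC key is published, so anyone at all can produce valid-looking tags.
    published_key = session_key
    outsider_msg = b"anything at all"
    results["outsider_can_forge"] = verify(
        session_key, outsider_msg, mac(published_key, outsider_msg)
    )
    return results


if __name__ == "__main__":
    for name, value in run_session().items():
        print(f"{name}: {value}")
```
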