The pidgin-encryption plugin provides encryption and
authentication, but not deniability or perfect forward secrecy. If an
attacker or a virus gets access to your machine, all of your past
pidgin-encryption conversations are retroactively compromised.
Further, since all of the messages are digitally signed, there is
difficult-to-deny proof that you said what you did: not what we want
for a supposedly private conversation!"

This is increasingly off-topic from GnuPG; let's bring this thread to a close pretty soon.

I don't buy OTR's hype, which is basically what you're quoting here. What they're saying is simple: if an attacker eavesdrops on your secured communications and gets copies of them, then if the attacker is able to compromise your box, the attacker can get your GnuPG key and use it to decrypt previously sent Gaim-E traffic.

I also don't buy the argument that an OpenPGP signature is difficult to deny. Or, perhaps, the problem is that I _do_ buy the argument. Signature semantics are the most pernicious part of OpenPGP, if you ask me. I can count my hands the number of people I know whom I think have a good grip on signature semantics.

A correct signature from a valid key belonging to a trusted party means the reader can feel confident the message is in the same state as the signer saw it. That's all. Nothing else.

Imagine that Alice sends Bob a very short note. "I love you." Bob, who wants to gloat about his romantic victory to his archrival Charlie, forwards Alice's message on to Charlie... but Bob's mailer appends a signature to the message. Now Charlie has a signed message from Bob in which Bob appears to swear his love for Charlie. Major embarrassment ensues because everybody thinks the signature is proof that Bob wrote the message, when he actually didn't.

The absence of a signature is also not proof of anything other than the absence of a signature. Imagine that I'm concerned about people forging my messages, so I make it a point to sign everything. A malicious undergrad, upset over the grade I gave, decides to ruin my reputation anyway by posting vitriolic, hate-filled messages to a white supremacist mailing list using my name. When the Dean summons me to explain my actions, I say "... but that's not me! I sign everything! I have a years-long history of signing everything!" The Dean, who is a smart mathematician, will say "ah, but perhaps you deliberately left your signature off these messages so you could deny them later if they surfaced. You understand that we have to open an investigation into you, Rob, correct?"

So my objection to OTR's characterization of OpenPGP signatures as "difficult-to-deny proof" is that it's simply not so. The public misconceptions around signatures are so vast that I seriously doubt the utility of signatures. Most people don't understand them and don't especially want to, either.



----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to