> I don't think OTR technology can claim to solve the gun-to-the-head
> scenario. Although it claims to give users the benefit of
> perfect-forward-secrecy and repudiation, I think such things matter
> little in a court of law. People get convicted either wrongly or
> rightly, based on spoofed emails and plain-text emails all the time.

Sources, please: I'd like to see citations for "people get convicted ... based 
on spoofed emails and plain-text emails all the time."  Based on plain-text 
emails, sure.  Spoofed emails, though, that's a bit of a stretch and I'm going 
to need to see cites.

Either way, this kind of raises the question, "so why do you want to use OTR, 
anyway?"  If the entire point of OTR is PFS/R, and you don't believe OTR can 
solve PFS/R, then why use OTR?

> So I envision myself using OTR-based-IM and GPG-based-email-encryption
> only with a prior understanding of these deficiencies. If I'm confident
> enough that the end-points are secure during an OTR-IM session that has
> then been authenticated, can I use such an IM session to exchange and
> crosscheck my friend's GPG public key fingerprint that I've downloaded
> from a keyserver for email encryption purposes?

The question isn't whether you can.  The question is whether it's wise.  The 
principle of using one credential to authorize the use of another credential is 
about as old as the hills.  The ways to exploit this are about as old as the 
hills, too.  I'm out the door for work in a few minutes so I can't spend the 
20m looking up a definitive cite, but I'd suggest looking in Ross Anderson's 
_Security Engineering_.  It's pretty comprehensive; it's where I'd start 
looking.


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
