-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 2014.12.10 16.12, Ximin Luo wrote: > There are a bunch of reasons why deniability doesn't "work in the > field". Once we neutralise those reasons, it would "work in the > field". For example, metadata leaks and bad endpoint security. So > blaming "it doesn't work in the field" on deniability itself, is > unfair - it's other things that are the real root of the observed > problem.
This amounts to saying that "as soon as we have a magic wand that makes computers secure, deniability will be useful". The reason deniability doesn't work is that when the police present a transcript in court, they're believed because they're the police. Not because of the signature status or lack thereof of the transcript. Why do you think that having better endpoint security would make deniability more effective? All I hear is a repeated assertion that this is true. > As far as I'm concerned, the issue of deniability is resolved, we > don't need to talk about it any more. Great, I'm glad to hear that, because it's in direct contradiction with everything else that anyone has said on this subject. > My point in this previous paragraph was that you can't "roll back" > the lack of deniability. Yes, I know. My point is that it's not clear that the lack of deniability is relevant to the security evaluation of a protocol. If it has literally zero cost? Sure, great, let's have protocol deniability[1]. If it has absolutely any cost? I'd much rather see all of that effort go into things that we know actually matter, like doing basic requirements evaluations before designing a protocol, as it's not clear if was done in the n+1sec case. E. [1]: The other case of deniability, hidden information repositories inside disk or file encryption systems, is in almost all cases a direct harm to users. - -- Ideas are my favorite toys. -----BEGIN PGP SIGNATURE----- iF4EAREIAAYFAlSIuhgACgkQQwkE2RkM0wqkJwD7BW65L/qo1qiTjbnsBeiNHv4k rNwHppRID9AwJTRV/BcBAJMWxmg3MzjWovu/uJHj3FvyC+5F1nPrPtUElLnM8ynQ =Bq29 -----END PGP SIGNATURE----- _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
