On 10/12/14 22:41, Eleanor Saitta wrote:
> Un-signed and deniable are distinct properties. I'm definitely not
> arguing against unsigned transcripts; making an active effort to make
> repudiation difficult is a very different question than designing for
> the field utility of deniability.

Unfortunately it's not that simple. In most cases with security protocols, these two are mathematically as useful as each other, not-deniable (but with authenticity) is as good as signed.

At a high level, there are 3 main ways in which you can send a digital message to n people.

a) send the message, unsigned in any way, to each of the n people. This provides deniability, is unsigned, but has no authenticity.

b) send the message, with a signature using a long-living key (e.g. PGP), to each person. This is signed, is not-deniable, but has authenticity.

c) send an individual message to each recipient, in such a way so that each message could only have been written by the sender and the recipient of that message. This is more work (except for the case where communication is only between 2 parties, in which case we can have this for free). Messages are unsigned (not tied to a single identity, each message is tied to 2 identities), deniable, and authentic.

More concretely messages can be:

- tied to 0 identities (deniability, no authenticity)
- tied to 1 identity (signed) (no deniability, authenticity)
- tied to 2 identities (in effect, signed by 1 of 2 identities) (deniability, authenticity)

Which leads me to this conclusion:

If we want to have authenticity in a secure messaging protocol, we either:

- sign every message (not deniable). Basically every message is provably by the owner of a long-lived identity. Should hold up in a court of law as strongly as a chain of PGP-Signed emails, which we have already discussed previously in this thread.
- use deniability (more costly when more than 2 people are communicating)

</2-cents>

Sam.
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
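
Option (c) from the message above, sketched as an added example that is not part of the original post: each recipient gets a tag under a key shared only with the sender, so the recipient can authenticate the message but could equally have produced the tag. HMAC-SHA256, the names `bob` and `carol`, the function names and the random keys are assumptions made for illustration; a real protocol would derive each pairwise key from a key exchange.

```python
import hashlib
import hmac
import secrets


def tag_for(key: bytes, message: bytes) -> bytes:
    """MAC under a key shared by exactly two parties (sender and one recipient)."""
    return hmac.new(key, message, hashlib.sha256).digest()


def send_to_group(message: bytes, pairwise_keys: dict) -> dict:
    """Option (c): one tag per recipient, so n recipients cost n MACs."""
    return {name: tag_for(key, message) for name, key in pairwise_keys.items()}


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Constant-time check of a tag under one pairwise key."""
    return hmac.compare_digest(tag_for(key, message), tag)


def demo() -> dict:
    # Constructed keys; a real protocol would derive each one from a key exchange.
    keys = {"bob": secrets.token_bytes(32), "carol": secrets.token_bytes(32)}
    message = b"meet at noon"
    tags = send_to_group(message, keys)

    # Bob never received this text from the sender, yet he can tag it himself.
    invented = b"meet at midnight"
    bobs_own_tag = tag_for(keys["bob"], invented)

    return {
        # Authentic to Bob: only the sender or Bob could have made this tag.
        "bob_accepts": verify(keys["bob"], message, tags["bob"]),
        # Tied to two identities: Carol's tag proves nothing under Bob's key.
        "carol_tag_under_bob_key": verify(keys["bob"], message, tags["carol"]),
        # Deniable: a third party given Bob's key cannot tell whose tag this is.
        "bob_written_tag_verifies": verify(keys["bob"], invented, bobs_own_tag),
        "tags_computed": len(tags),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The per-recipient loop in `send_to_group` is the extra cost the message attributes to the deniable option once more than two people are communicating.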
