On 2014.12.10 19.29, Sam Lanning wrote:
>
> On 10/12/14 22:41, Eleanor Saitta wrote:
>> Un-signed and deniable are distinct properties. I'm definitely
>> not arguing against unsigned transcripts; making an active effort
>> to make repudiation difficult is a very different question than
>> designing for the field utility of deniability.
>
> Unfortunately it's not that simple. In most cases with security
> protocols, these two are mathematically as useful as each other,
> not-deniable (but with authenticity) is as good as signed.

That's not remotely clear, on two specific levels, one vastly more important than the other:

First, we can talk technically about the integrity and linkability-to-identity of a channel separate from that of a specific message. This is where we can talk about specific security goals in the cryptographic sense. I believe that what I stated is true in this sense, but only weakly; I'm open to being persuaded here.

Second, we can talk about deniability as part of the overall user-task-completion engineering effort. Adding deniability as a supported invariant of a system and supporting it throughout the system lifecycle (including user education, UI design, user task structuring, and user security planning) is incredibly expensive for little believable gain, vs. merely not supporting the non-repudiation of messages.

If you intend to design for a security invariant, you must design for it throughout the system, and at this level, invariants are neither interchangeable nor cheap.

E.

-- 
Ideas are my favorite toys.
