On 12/11/14, Mike Hearn <[email protected]> wrote: >> >> If you use such a system, I think you've clearly signaled that you >> don't trust me. I wouldn't chat with you and in fact, I didn't sign >> this email. :) >> > > Sure about that? ;) You sent it via Gmail which signed it using DKIM as > coming from your account. To deny you sent it, you would have to either > claim your account was hacked or that Google is trying to forge evidence. >
Heh! It isn't end to end. Hooray. Google can say what they'd like and Google has been owned in the past. Certainly Google accounts have been compromised and are regularly compromised. An email from Google is still just an email. The same email with a PGP signature tied to a key in a smart card is much stronger assertion in my view. > >> End point security is rather weak and so I'd wager that you're aiming >> to design a protocol "feature" that will be fantastic for framing >> someone. > > > If you read the newspaper story I linked to from the first email, it was > the opposite - the guy was being framed and was able to prove it using text > message evidence, which wasn't deniable presumably due to records kept by > the carrier (there was CCTV evidence as well anyway). I think being able to > prove someone said something cuts both ways. > I think providing a reasonable doubt is a good goal. The balance doesn't strike evenly because the world is not fair or balanced with regard to power. Text message content is logged by many of the carriers but I presume that they didn't confirm that everything matches up from full content intercepts. That is to say - the text message without a strong signature allowed for exoneration. Sounds like a deniable channel will be similar and that related information may be useful for confirming assertions. All the best, Jacob _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
