On Mon, 18 Feb 2013 21:46:00 -0800 Gregory Maxwell <[email protected]> wrote:
> On Mon, Feb 18, 2013 at 8:51 PM, Ileana > <[email protected]> wrote: > > We are writing an article: https://fairieunderground.info/node/149 > > Any other comments or additional details are appreciated. > > You're really understating OTR's authentication advantages. The SMP > handshake allows you to use past social context to do a highly secure > (brute force proof, it's a ZKP) authentication handshake without > having to previously establish a secure channel to transmit high > entropy data in... if you had a channel to securely establish a hidden > service ID you might as well have exchanged a long lived symmetric key > (And gained some hypothetical security against QC enabled > adversaries). > > The availability point is really about the underlying transport with > OTR. Presumably you could use OTR over personally run jabber servers > over tor to get similar properties, though in both cases the tor > network itself is subject to denial of service (and, in general, > hidden services seem a bit more brittle than tor is over all). > > > Encryption secrecy Perfect forward secrecy Perfect > > forward secrecy Proof of Communication Retrieving hidden > > service key is proof of running the service > > This sort of misses OTR's main protocol innovation— it conducts its > operation without binding the content with a cryptographic signature. > So if you're talking to a traitor they can't log your signed packets > and then prove to a third party what you said and yet the person you > spoke to knows for sure it was you. > > So there are two different kinds of denyability at play— being able to > deny a conversation happened (which perhaps use with tor provides > although traffic analysis is _very_ powerful) and being able to deny > _what_ you said in the face of a defecting counterparty. I don't > believe the torchat provides denyable authentication. I'm not sure if > torchat has denyable authentication or if something in the tor > transport breaks that. > I never understood how the denyability aspect of OTR actually works. If you have a conversation with a "friend" who recently became an informant, how would OTR provide more denyability than an unencrypted, unsigned conversation? Sadly, I don't think the US government really cares if you have denyability, they'll do whatever they damn well please. :( -- Alex _______________________________________________ OTR-dev mailing list [email protected] http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
