On 2013-02-19 08:58, Alex wrote:
I never understood how the denyability aspect of OTR actually works. If you have a conversation with a "friend" who recently became an informant, how would OTR provide more denyability than an unencrypted, unsigned conversation?
During a OTR session, the protocol frequently renews the session keys. Meanwhile, old keys will be revealed to the other party.
In my understanding this means that after a session, one party could forge messages from the other party, which means that, in court, each party could claim the other party forged the (allegedly authenticated) messages they try to use as proof.
Sadly, I don't think the US government really cares if you have denyability, they'll do whatever they damn well please. :(
If the judge doesn't care about the encryption/authentication but instead just sees proof in screenshots from chat logs it doesn't really matter if you used OTR (ie. deniability), PGP (ie. non-repudiation) or no encryption at all.
-- Kjell _______________________________________________ OTR-dev mailing list [email protected] http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
