On Tue, 19 Feb 2013 11:36:36 +0100 Kjell Braden <[email protected]> wrote:
> > Also, you confuse two different concepts of authentication: > Every OTR session uses cryptographic authentication. If you > previously marked a key as trusted (ie. you know it belongs to the > reported owner), OTR will flag it as trusted again if you come back > later to the same DSA key. Another note on this: doesn't this destroy your "plausible deniability"? If there is some DSA key stored on my computer, that I keep showing to everyone I chat with, and is recoverable if my computer is seized...what is deniable about that? Until someone can explain that to me, I prefer to generate new keys for each communication session. > Claiming that torchat had automatic authentication while OTR used > manual authentication is misleading, because the same manual > authentication appears in torchat by exchanging the hidden service > address (see Gregory's post). > _______________________________________________ OTR-dev mailing list [email protected] http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
