On Wed, 13 Mar 2013 17:07:02 -0500 "Evan D. Schoenberg, M.D." <[email protected]> wrote:
> On Wednesday, March 13, 2013 at 4:58 PM, "Daniel ".koolfy" Faucon" wrote:
>
> > In fact, not logging OTR conversations is fairly transparent for the
> > user, most users won't notice until some day they will look for an
> > OTR conversation in their logs --probably not that often for lambda
> > users.
>
> At which point they will be really annoyed at this technology for
> making them lose the log they expected to have, if they can even
> guess why it is that that particular conversation wasn't logged.

That's what the warning at the beginning of every OTR session would be
for.

> If your local machine is insecure, you've already lost.

Isn't the whole point of ephemeral encryption keys that a conversation
shouldn't be compromised if the computer is compromised *AFTER* the
conversation took place?

I think proper log management falls perfectly within the limits of this
threat model. And by keeping cleartext logs by default, we clearly
violate it.

-- 
Daniel ".koolfy" Faucon
Tel: France : (+33)(0)658/993.700
PGP Fingerprint : 485E 7C63 8D29 F737 FEA2 8CD3 EA05 30E6 15BE 9FA5
_______________________________________________
OTR-dev mailing list
[email protected]
http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
