-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 14/03/13 15:04, Thijs Alkemade wrote: > End-to-end encryption and confidentiality are orthogonal features, > in my opinion. > > In my browser, I try to maximize the usage of SSL. Banking > information or login credentials being stolen are dangerous > problems that I want to avoid. > > On the other hand, I have private browsing/incognito mode for those > websites I would not want to keep around in my browser history. > > I don't find it necessary to require both at the same time: I'm > happy with my browser suggesting my bank from my history (hey, > saves me the risk of some typos) and I'm fine with private browsing > happening without SSL, if that's not available. > > I think the situation for OTR and logging is exactly the same: I > use OTR if I don't want my conversations to be read by Google, > Microsoft or the US government. I'm not using OTR to be able to > pretend that the conversation never took place. But when I do want > that, I make a separate, concious, decision to also turn logging > off.
When I say "confidentiality", I mean that the content of the conversation is concealed from third parties. I'm not talking about concealing the fact that a conversation between two parties has taken place. Logging undermines confidentiality by keeping a record of the content of the conversation that may later be obtained by third parties. Some people may decide that the usefulness of having a record outweighs the risk of the record being exposed. But I'm arguing that today, when using OTR is an uncommon choice indicating a desire for confidentiality and/or deniability, and when keeping logs confidential involves making other uncommon choices such as disk encryption, we should conservatively assume that the risk of keeping a record outweighs the usefulness, unless told otherwise. In the future, OTR and disk encryption may be commonly used, in which case a different default may make sense. Cheers, Michael -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJRQfxKAAoJEBEET9GfxSfMFVQH/RMUBKts6HuUiRVAny8Ui29T WHJYWiujZzkS1Z4bAT7yAmCxkzaZSAXYY3xQzJlbMwMct+rsC4vFpe72+DY6Gsx4 JVmBPHGYCKFbP85ZGVg2Bq6ENN3Fju7avcBpArG4tw3GofgWF6V2ImXuyP79MbWc K5jHQVhQkx0fgd+vNIHx/MXx9BP8URU6qZTa86Jk7C5ZJ+MfpU16pRLyxg/8ovc0 0gBsDrFM02GgwNryTd/WFic+ir8wK+u0qTeEfM55Mhtaacn9Z2USNt3YrKc0WEAU 3dliWj6lf+dX+hYWhRnh6SOIa14C7+h3FqWd1QDEGFKEU2+IC+DGuXlVB37CuaU= =SwMr -----END PGP SIGNATURE----- _______________________________________________ OTR-dev mailing list [email protected] http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
