Trevor Perrin <[email protected]> writes: > Deniability is achieved because any party could forge records of > communication with other parties that a 3rd-party judge could not, > post-facto, cryptographically distinguish from actual records. > > Because such forgery is possible, "malleablility" of transcripts isn't > necessary, and the OTR / mpOTR rigamarole around "modifiable > transcripts" and publishing signing/MAC keys becomes unnecessary. If > you can *forge* transcripts from scratch, there's no need to modify > existing ones.
It seems that the hard property is to simultaneously achieve: deniability authentication to the counterparty in real time confidentiality, which means more than encryption, but also being sure that you are encrypting in a key that only the authorized counterparty has It seems that OTR does all of this, and I don't understand how you propose to get the second two properties with unsigned DH.
pgpgHXIMCwtro.pgp
Description: PGP signature
_______________________________________________ OTR-dev mailing list [email protected] http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
