On Tue, Dec 17, 2013 at 7:41 AM, Ximin Luo <[email protected]> wrote: > Haven't had time to read through the wiki yet, but just wondering, what are > your ideas on deniability? Some of us want to drop this property because > it's really not that strong[1], and requiring it makes other parts of the > protocol > harder / more complex. Also, we are being paid by a state entity to get all > messages cryptographically signed. Because of this, we also intend to drop > the name > "mpOTR", on the basis that deniability and "off-the-record" can be misleading > or a non-technical user.
I think it is unethical to offer chat protocols that silently create cryptographic non-repudiation where none was requested or expected by the user. The user thought they were increasing their security, but in some cases they were actually decreasing it. Yes, it isn't that strong against "strong" attacker who are "trustworthy" where people would believe a fabricated log regardless, but that is only one class of attacker many are not so easily trusted. If you want to go and build a harmful thing— thats your business. But why are you posting to the OTR mailing list? _______________________________________________ OTR-dev mailing list [email protected] http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
