[messaging] Value of deniability
Jacob Appelbaum
jacob at appelbaum.net
Wed Dec 10 16:45:24 PST 2014
On 12/10/14, Eleanor Saitta <ella at dymaxion.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On 2014.12.10 17.00, Jacob Appelbaum wrote:
>> Why not have both options, legally and cryptographically?
>
> Because if you want to have both options, even if there was absolutely
> no cost in terms of protocol design, has a significant cost in terms
> of user experience, user education, and end-user security planning
> overhead. Every security invariant that you intend to support must
> have a specific cost justification in terms of end-user outcomes.
> Adding a new one because it has no protocol cost ignores massive costs
> elsewhere, in a way that exactly parallels the complete usability
> failures of most encryption protocols. Usability and user
> requirements analysis must be part of cryptographic protocol design if
> there is any hope it will work.
>
It works in OTR and it works well enough, I think. I don't see any
obvious room for improvement. Though I admit, I like the TextSecure
design.
It also appears, though I might be wrong, that the Anakata case is one
of the legal case you requested. I'm not sure though as that entire
part of the context is missing from this latest reply.
OTR works cryptographically and the deniability hasn't harmed it. It
has even enabled people to dispute chat logs as forged or tampered
with in court.
All the best,
Jacob
More information about the Messaging
mailing list