[messaging] Value of deniability

[Eleanor Saitta]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 2014.12.10 19.45, Jacob Appelbaum wrote:
> On 12/10/14, Eleanor Saitta <ella at dymaxion.org> wrote:
>> On 2014.12.10 17.00, Jacob Appelbaum wrote:
>>> Why not have both options, legally and cryptographically?
>> 
>> Because if you want to have both options, even if there was
>> absolutely no cost in terms of protocol design, has a significant
>> cost in terms of user experience, user education, and end-user
>> security planning overhead.  Every security invariant that you
>> intend to support must have a specific cost justification in
>> terms of end-user outcomes. Adding a new one because it has no
>> protocol cost ignores massive costs elsewhere, in a way that
>> exactly parallels the complete usability failures of most
>> encryption protocols.  Usability and user requirements analysis
>> must be part of cryptographic protocol design if there is any
>> hope it will work.
> 
> It works in OTR and it works well enough, I think. I don't see any 
> obvious room for improvement. Though I admit, I like the
> TextSecure design.

Ending conversations in OTR is specifically a piece of user
interaction that is only required due to the deniability component,
correct?  So it's not true that there's no room for improvement.  OTR
is also, although far better than many alternatives, something I hear
frequent usability complaints about.  This is not what success looks
like.  This is at best what the absence of failure looks like.  OTR
does not in any meaningful way drive deniability as an invariant
through the design process, nor do implementations clearly explain to
users what invariants they can or cannot expect the system to maintain.

E.

- -- 
Ideas are my favorite toys.
-----BEGIN PGP SIGNATURE-----

iF4EAREIAAYFAlSI6k0ACgkQQwkE2RkM0wqqXQD/d6lWo4nvDQgCfKedBxHoLVET
DwLdDDBbTy4iJcZOzLgA/A9uA93W0se8L50d5ja53LUBHHwfL/RxzH1ynqj1d5OY
=0MD9
-----END PGP SIGNATURE-----