[messaging] Value of deniability
sam at samlanning.com
Thu Dec 11 11:21:29 PST 2014
We've been thinking the goals of what we're trying to achieve with
deniability all wrong.
Deniability is the goal of trying to make our use of encrypted messaging
not make us more liable for what we say any more than messaging has
already done for years.
Deniability is *NOT* the introduction of a new property to our online
messaging that allows us to be able to deny what we've said any more
than we've been able to to in all our years previously without end to
All deniability is, is putting safeguards in place so that our use of
cryptographically secure communications protocols does not screw us
over, and come with any more hidden surprises than any insecure
Let's assume for one second the following:
- If we want to use a secure channel (confidential and authentic) we
have a choice of either:
- lots of cryptographic signatures, tying us strongly to what we
say, more than we ever have been previously. This is dangerous,
and DIFFERENT to what the general public are used to. It is
equivalent to requiring you to sign every PGP message you send to
be able to use encryption.
- deniability baked in to the protocol. This ensures that the
communications retain the same property that all digital
communications have always done previously. And that is that
there is no cryptographic proof you said something. This is the
SAME as it has always been.
- these properties hold over either a single message, or a channel.
This is why deniability does not require any additional cognitive load.
What would require cognitive overhead would be if we didn't bake in
deniability, because then the use of said protocol would tie people to
what they say way more strongly than it has ever done previously.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 949 bytes
Desc: OpenPGP digital signature
More information about the Messaging