> No, you're not listening to what I'm saying. I'm fine with continuing > to not sign things. I'm not fine with introducing new primitives that > are only useful in small edge cases and lying to ourselves about their > utility. Deniability isn't new. The utility is real, even though it might not be obvious today. > So, what you're saying here is "I don't care about security outcomes > at all, I care about pushing a specific set of properties that I deem > important because I know how to achieve them on users regardless of > what I think they need". I'm saying the exact reverse of what you interpret it as. I care only about the security outcome, and THEREFORE I will not accept something that increases the risk unnecessarily. Deniability isn't something you need to push on people, most whatsapp users don't know axolotl now is under the hood, or that it exists. But I certain that dropping deniability (and I'm talking about provable authencity vs not provable, unsigned messages is just fine if the integrity can be preserved in transit to the intended recipient) will introduce highly undesirable properties. Deniability itself isn't what I care all that much about. Not putting people at risk when it can be avoided is. > Because it is indicative of the complete failure of this community to > design for user outcomes, and if that isn't going to change, there's > no point in even continuing to interact with y'all. But you're now inherently assuming the circumstances won't change when your last of desired properties have been implemented. That's what I've been saying, your desired changes will introduce highly undesired changes in the environment of the users. A false sense of security is worse than no security. Don't assume the attacks won't change, that's only going to cause harm.