[messaging] plausible deniability and transcript editors

Guy K. Kloss gk at mega.co.nz
Mon Jun 30 16:35:21 PDT 2014

On 28/06/14 20:06, Trevor Perrin wrote:
> This exists for OTR:
> https://otr.cypherpunks.ca/README-libotr-4.0.0.txt

Thanks, Trevor. I wasn't aware of this (but then I haven't researched
for it, yet). But this is pretty much what would be at the core, and
then some (simplistic) UI over the top to control such tool(s) to enable
one to edit the transcript semi-conveniently.

On 01/07/14 02:49, Tom Ritter wrote:
> AFAIK, no chat client (Pidgin, Adium, etc) actually lets you export
> the raw OTR data in a conversation. To capture it on the wire, you
> would have to perform SSL interception on yourself, to break through
> the (presumed) SSL session your client makes with the XMPP server.

Indeed Tom, that would be another, secondary problem (which might
quickly become the initial problem). So far with Pidgin I've had a play
with the XMPP console, which gave me access to the data, however it
won't log them as such.

On the other hand, if messengers don't log the raw OTR messages, then
forgery can be even simpler, as one won't even need to consider key
agreement, message authentication and encryption. Which would make it
rather trivial to create a session transcript or arbitrary content,
which one may use e. g. in court as counter-evidence. (Just checked,
Pidgin just stores the logs as plain html files.)

Therefore, the point might be rather given for those cases where a
hypothetical chat client will store messages in a more complete form,
while still retaining key agreement information required to recover the
encryption key or get the ratchet kick-started.

Now, is it worth it: I guess not, unless some such hypothetical chat
client was available, which somebody may use to gather information in
order to e. g. frame somebody on a more "reputable" basis.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140701/f0b25e40/attachment.sig>

More information about the Messaging mailing list