[messaging] Value of deniability

Natanael natanael.l at gmail.com
Wed Dec 10 11:06:11 PST 2014


Den 10 dec 2014 19:56 skrev "Mike Hearn" <mike at plan99.net>:
>
> I would like to hear opinions on the value of deniability in OTR like
protocols.
>
> From a privacy perspective the rationale is fairly clear. But I keep
reading stories like this one:
>
>
http://www.dailymail.co.uk/news/article-2854324/The-double-life-tragic-suicide-girl-accused-rape-tycoon-s-son-says-Don-t-judge-know-story.html
>
> in which people exonerate themselves or get themselves out of a sticky
situation because they are able to prove someone sent them text messages at
a certain time. E.g for establishing an alibi or (as in this case) to show
that a woman who had accused a man of rape was lying.
>
> If you have true end to end encryption and only you or the sender can
release messages, this seems like a pretty high standard of privacy
already. I'm not entirely sure I'd actually want to use a system that added
deniability on top, because being able to prove a conversation took place
is so often valuable in life and in business.

Like everything else it is a trade-off.

What if what you said is taken out of context? What if you were actually
just quoting somebody, being sarcastic or hypothesizing? You can't force
somebody to give you a signed statement in a way that allows it to be
proven authentic, for good reasons.

My personal preference is deniability by default, signing when chosen by
the user.

This way it essentially mimics the expectations of a private conversation
IRL. Those you recite it to have to rely on their degree of trust in you,
unless the other participants sign a document confirming the contents.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20141210/c8ba8336/attachment.html>


More information about the Messaging mailing list