[messaging] Value of deniability

Eleanor Saitta ella at dymaxion.org
Wed Dec 10 13:24:40 PST 2014

Hash: SHA256

On 2014.12.10 16.12, Ximin Luo wrote:
> There are a bunch of reasons why deniability doesn't "work in the 
> field". Once we neutralise those reasons, it would "work in the 
> field". For example, metadata leaks and bad endpoint security. So 
> blaming "it doesn't work in the field" on deniability itself, is 
> unfair - it's other things that are the real root of the observed 
> problem.

This amounts to saying that "as soon as we have a magic wand that
makes computers secure, deniability will be useful".   The reason
deniability doesn't work is that when the police present a transcript
in court, they're believed because they're the police.  Not because of
the signature status or lack thereof of the transcript.  Why do you
think that having better endpoint security would make deniability more
effective?  All I hear is a repeated assertion that this is true.

> As far as I'm concerned, the issue of deniability is resolved, we
> don't need to talk about it any more.

Great, I'm glad to hear that, because it's in direct contradiction
with everything else that anyone has said on this subject.

> My point in this previous paragraph was that you can't "roll back" 
> the lack of deniability.

Yes, I know.  My point is that it's not clear that the lack of
deniability is relevant to the security evaluation of a protocol.

If it has literally zero cost?  Sure, great, let's have protocol
deniability[1].  If it has absolutely any cost?  I'd much rather see
all of that effort go into things that we know actually matter, like
doing basic requirements evaluations before designing a protocol, as
it's not clear if was done in the n+1sec case.


[1]: The other case of deniability, hidden information repositories
inside disk or file encryption systems, is in almost all cases a
direct harm to users.

- -- 
Ideas are my favorite toys.


More information about the Messaging mailing list