[messaging] Value of deniability

Wed Dec 10 13:31:33 PST 2014

On Wed, Dec 10, 2014, at 19:56, Mike Hearn wrote:
> I would like to hear opinions on the value of deniability in OTR-like
> protocols.
> From a privacy perspective the rationale is fairly clear.

The practical value of deniability at the protocol level would be much
higher if it was deeply integrated into the user interface of (commonly
used) client software.

The absence of cryptographic proof of who originated the message means
little if clients by default keep a fixed record of who sent the message
and when. If one of the parties becomes compromised this record will be
sufficient proof to anyone not understanding the intricacies of the
protocol. While such a record could be altered, it would require special
tools to edit the client's database, etc., which is not very convincing.

Clients implementing protocols with deniability should surface this all
the way up to the UI and make the conversation completely editable in a
trivial manner. If you can show that simply swiping a message on your
phone attributes it to someone else that becomes a very powerful way of
showing the lack of clear attribution in the underlying protocol.

One cannot, of course, prevent the other party from using a client
without editable history but if widely implemented there is a good
chance the average user will have it and a compromise at a later time
will only yield an uncertain history of the communication.

An alternative is to never keep a history in the client which is
definitely the best approach for very sensitive conversations but for
day-to-day messaging people expect to have at least a short history for
reference and context.
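
An added illustration, not part of the original message and not OTR's actual wire format: a simplified model in which messages are authenticated with a MAC key that both parties hold, which is the property that makes a stored transcript deniable. The entry layout, the names `alice`/`bob`, and the `reattribute` helper (standing in for the "editable history" UI the message proposes) are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Constructed session key: after the key exchange BOTH parties hold it.
SHARED_MAC_KEY = secrets.token_bytes(32)


def tag(key: bytes, sender: str, text: str) -> bytes:
    """MAC over a length-prefixed sender label plus the message text."""
    data = len(sender).to_bytes(2, "big") + sender.encode() + text.encode()
    return hmac.new(key, data, hashlib.sha256).digest()


def send(key: bytes, sender: str, text: str) -> dict:
    """Build a transcript entry as a client would store it."""
    return {"sender": sender, "text": text, "tag": tag(key, sender, text)}


def verify(key: bytes, entry: dict) -> bool:
    """Check an entry the way either party (or anyone given the key) could."""
    expected = tag(key, entry["sender"], entry["text"])
    return hmac.compare_digest(expected, entry["tag"])


def reattribute(key: bytes, entry: dict, new_sender: str) -> dict:
    """Hypothetical 'editable history' action: relabel the entry and re-MAC it."""
    return send(key, new_sender, entry["text"])


def demo():
    genuine = send(SHARED_MAC_KEY, "alice", "meet at noon")
    # Either key holder can relabel an entry or write one from scratch.
    edited = reattribute(SHARED_MAC_KEY, genuine, "bob")
    fabricated = send(SHARED_MAC_KEY, "alice", "never said this")
    return genuine, edited, fabricated


if __name__ == "__main__":
    for e in demo():
        print(e["sender"], repr(e["text"]), "valid:", verify(SHARED_MAC_KEY, e))
```

All three entries verify identically, so the MAC authenticates the message to the peer during the session but gives a later reader of the log no way to tell the genuine entry from the edited or fabricated ones.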

