[messaging] Value of deniability

Eleanor Saitta ella at dymaxion.org
Wed Dec 10 14:45:16 PST 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 2014.12.10 17.21, Ximin Luo wrote:
> Systems that provide unlinkability would help to prevent those 
> transcripts from being leaked. Better endpoint security would also
>  help. It's a matter of reducing risk - it will always be there,
> but taking measures to reduce it helps the end result. Not sure how
> I can explain it in other terms that would be more acceptable to
> you as a non-assertion...

Unlinkability and endpoint security clearly contribute to security
outcomes.  Once an adversary has a transcript, there is no evidence
that suggests that unlinkability contributes to better security
outcomes, even if it had no cost.  It has a cost.

> *Who* has been saying deniability is costing us? I do remember this
>  point being passed around at last year's CCC, and maybe it was
> true for previous efforts - but for the efforts over the past year,
> we haven't really run into this at all.

It was called out repeatedly as being one of the significant
contributions to the delay in implementing mpOTR.  You'll have to
forgive my not remembering by whom, as it's been a year.

Please see my reply to DKG on the diverse non-cryptographic costs that
supporting an extra security invariant has.

E.

- -- 
Ideas are my favorite toys.
-----BEGIN PGP SIGNATURE-----

iF4EAREIAAYFAlSIzPwACgkQQwkE2RkM0wpeJgEAmyaUb16OTP8C3M37+XhCY7oX
/TJd9+HKPGkq+lk/+GoA/ilbeudF3aVdAcZy2EmuRwQY57QMrOR4ZDpnfU3pFirQ
=rPKL
-----END PGP SIGNATURE-----


More information about the Messaging mailing list