[messaging] Value of deniability
ella at dymaxion.org
Wed Dec 10 14:48:30 PST 2014
-----BEGIN PGP SIGNED MESSAGE-----
On 2014.12.10 17.00, Jacob Appelbaum wrote:
> Why not have both options, legally and cryptographically?
Because if you want to have both options, even if there was absolutely
no cost in terms of protocol design, has a significant cost in terms
of user experience, user education, and end-user security planning
overhead. Every security invariant that you intend to support must
have a specific cost justification in terms of end-user outcomes.
Adding a new one because it has no protocol cost ignores massive costs
elsewhere, in a way that exactly parallels the complete usability
failures of most encryption protocols. Usability and user
requirements analysis must be part of cryptographic protocol design if
there is any hope it will work.
Ideas are my favorite toys.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the Messaging