[messaging] Value of deniability

Eleanor Saitta ella at dymaxion.org
Wed Dec 10 16:38:20 PST 2014

Hash: SHA256

On 2014.12.10 19.29, Sam Lanning wrote:
> On 10/12/14 22:41, Eleanor Saitta wrote:
>> Un-signed and deniable are distinct properties.  I'm definitely
>> not arguing against unsigned transcripts; making an active effort
>> to make repudiation difficult is a very different question than
>> designing for the field utility of deniability.
> Unfortunately it's not that simple. In most cases with security 
> protocols, these two are mathematically as useful as each other, 
> not-deniable (but with authenticity) is as good as signed.

That's not remotely clear, on two specific levels, one vastly more
important than the other:

First, we can talk technically about the integrity and
linkability-to-identity of a channel separate from that of a specific
message.  This is where we can talk about specific security goals in
the cryptographic sense.  I believe that what I stated is true in this
sense, but only weakly; I'm open to being persuaded here.

Second, we can talk about deniability as part of the overall
user-task-completion engineering effort.  Adding deniability as a
supported invariant of a system and supporting it throughout the
system lifecycle (including user education, UI design, user task
structuring, and user security planning) is incredibly expensive for
little believable gain, vs. merely not supporting the non-repudiation
of messages.  If you intend to design for a security invariant, you
must design for it throughout the system, and at this level,
invariants are neither interchangeable nor cheap.


- -- 
Ideas are my favorite toys.


More information about the Messaging mailing list