[messaging] Value of deniability

[Eleanor Saitta]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 2014.12.10 23.03, Jacob Appelbaum wrote:
> On 12/11/14, Eleanor Saitta <ella at dymaxion.org> wrote:
>> Ending conversations in OTR is specifically a piece of user 
>> interaction that is only required due to the deniability
>> component, correct?
> 
> Not quite. I'd encourage you to look at the code and the
> specification to understand the full process for refreshing or
> ending a conversation.

Ookaay.  Anyone who's got the spec in their head right now want to
answer that fairly simple question?  (I assume that it can be answered
from the spec.  If it requires reference to the code for that, that's
a horrifying spec.)

> I like the design of TextSecure (and RedPhone/Signal) and I showed 
> that there is a legal context for this property, which is what was 
> requested in the first place.

No, you showed that it has been mentioned in a court room, but not
even whether that mention was successful, let alone that it represents
a viable aspect of a coherent defense in any more general case.

> In any case, I don't think an improvement would be removal of the
> denability properties from OTR.

I'm not suggesting we re-engineer existing protocols to remove
deniability -- like the web of trust, we're better off ignoring it
than sending good time after bad.  I am suggesting that it's a
complete waste of time and should not be engineered into new protocols.

E.

- -- 
Ideas are my favorite toys.
-----BEGIN PGP SIGNATURE-----

iF4EAREIAAYFAlSJHBsACgkQQwkE2RkM0woIdQD/SP9MiV838XRG9gSzoOTJSp62
EleCmtqSTbuenzaFJRYA/jzr/e0E1VJQq8Yc1SoIEOffvJwxA5BIDRWekJDYnETa
=oIA6
-----END PGP SIGNATURE-----