[messaging] Value of deniability

[Eleanor Saitta]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 2014.12.11 12.53, David R. Andersen wrote:
> Its my feeling that it would be inappropriate for the dealership to
> be able to turn to a third party and say "here's an undeniable
> transcript of Dave's negotiation with us," and I suspect the
> dealership would feel the same way. Deniability to third parties
> is important in at least some negotiations.

What you're talking about here is appropriately served by
confidentiality and has always been served by such.  It does not require
inventing implausible new invariants.

> If deniability is incorporated at the protocol level, then 
> different communication systems can make use of it, or not, as
> appropriate for their market. Luckily for us, two of the
> currently-used one-to-one protocols provide such deniability. OTR
> requires an extra step at the end for this, and with Axolotl it
> just works.

At nontrivial engineering expense that has significantly delayed some
new tools, and implemented in a manner completely unsupported in the
interface, training, and mental models of users.  Attempts to repair any
of these gaping flaws would massively raise the cognitive load to
users.  Functionally, OTR does not provide deniability because it is
not a property that end users understand through their use of the
system and can plan around.

Security invariants a system does not supported for end user
operational planning are not supported.  Anything else is ego-stroking.

E.

- -- 
Ideas are my favorite toys.

-----BEGIN PGP SIGNATURE-----

iF4EAREIAAYFAlSJ3mgACgkQQwkE2RkM0wohRQD/dVvBqgeZ7sT2bEMKa2ryKkNz
ooVXep10wLdcrqkFLcAA/jSi7ArEeWPoTKsJPVMdSKG3N8nbG8rX2GGR3l8cEnsR
=ZYk3
-----END PGP SIGNATURE-----