[messaging] Value of deniability

Sam Lanning sam at samlanning.com
Thu Dec 11 11:21:29 PST 2014


We've been thinking the goals of what we're trying to achieve with
deniability all wrong.

Deniability is the goal of trying to make our use of encrypted messaging
not make us more liable for what we say any more than messaging has
already done for years.

Deniability is *NOT* the introduction of a new property to our online
messaging that allows us to be able to deny what we've said any more
than we've been able to to in all our years previously without end to
end encryption.

All deniability is, is putting safeguards in place so that our use of
cryptographically secure communications protocols does not screw us
over, and come with any more hidden surprises than any insecure
communications protocol.

Let's assume for one second the following:
 - If we want to use a secure channel (confidential and authentic) we
   have a choice of either:
    - lots of cryptographic signatures, tying us strongly to what we
      say, more than we ever have been previously. This is dangerous,
      and DIFFERENT to what the general public are used to. It is
      equivalent to requiring you to sign every PGP message you send to
      be able to use encryption.
    - deniability baked in to the protocol. This ensures that the
      communications retain the same property that all digital
      communications have always done previously. And that is that
      there is no cryptographic proof you said something. This is the
      SAME as it has always been.
 - these properties hold over either a single message, or a channel.

This is why deniability does not require any additional cognitive load.

What would require cognitive overhead would be if we didn't bake in
deniability, because then the use of said protocol would tie people to
what they say way more strongly than it has ever done previously.

Sam.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: OpenPGP digital signature
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20141211/b1181a5e/attachment.sig>


More information about the Messaging mailing list