[messaging] Value of deniability

Ximin Luo infinity0 at pwned.gg
Fri Dec 12 07:40:31 PST 2014


On 12/12/14 16:30, Eleanor Saitta wrote:
> On 2014.12.12 10.06, Ximin Luo wrote:
>> Can we all talk about something more productive now, please? There
>> are lots more problems to be solved in group chat, and getting
>> stuck on deniability hinders progress. AFAIK, everyone still
>> actively working in this area no longer considers this topic to be
>> an issue of contention.
> 
> So, like the web of trust, right?  Just because y'all think it's not
> an issue doesn't mean you're not being literally blind.  But by all
> means, continue.
> 

They are two separate things. I do think the web of trust is broken, yes. I'm happy to talk about that another time, and have actually talked before in this mailing list about specific proposals for alternatives.

I guess I should have clarified that: I think abstract discussions that (a) are a bit out-of-date and (b) don't have any specific proposals are not very productive.

To expand on dkg's (and others') points above though, moving forward we *can* change how "deniability" is presented. Actually, I myself have spoken out against this before on the otr-dev mailing list. The way the OTR home page presents "deniability" is indeed confusing to users and can lead them to think they have some sort of extra protection in court, when they don't.

So, we can definitely re-word how deniability is presented to users, yes.

In an ideal world, since it is "no extra than real life", we should just be able to *say nothing*. However, we live in a non-ideal world where lots of protocols use digital signatures. To distinguish ourselves from those protocols, we should say *something*, and that is why the OTR homepage says something, but it is a bit confusing.

Would you like to propose an alternative wording for it? It should make the point that:

- it is no extra security than real-life
- it is more security (in the general case, where you don't want to create a social contract of "we can prove each other to 3rd parties") than some other protocols like PGP

X

-- 
GPG: 4096R/1318EFAC5FBBDBCE
git://github.com/infinity0/pubkeys.git
