[jdev] Re: JEP-0027 (OpenPGP) implementation question

Peter Saint-Andre stpeter at jabber.org
Tue Mar 7 16:12:43 CST 2006

Hash: SHA1

Justin Karneges wrote:
> On Tuesday 07 March 2006 09:13, Peter Saint-Andre wrote:
>> Looking at JEP-0116 again, I see that public keys are used to verify the
>> identity of the parties, but that the stanzas themselves are signed and
>> encrypted with session keys. So identity is asserted and preserved in
>> the initial negotiation, but not attached to each stanza. Or so it seems
>> (I need to read JEP-0116 again in depth).
> I believe identity is attached at all times.
> For the OTR feature, though, something is done later to make the packet 
> signatures worthless.  The idea is that both parties can have full trust in 
> each other's identity during the conversation, but it is not possible to 
> later "prove" that each party actually said what they said, since forgery 
> would be easy at that point.

Well, somehow I doubt that a court of law would care whether it can be
cryptographically proven that one party did or did not say something.
Does anyone know of case law on this point? Sure, we geeks know that
it's possible for one party (or a third party) to forge messages, but
stored email messages have been used to implicate people and we know
they can be forged as well. So the repudiability and perfect forward
security aspects of OTR don't give me much comfort in the real world.


- --
Peter Saint-Andre
Jabber Software Foundation

Version: GnuPG v1.4.1 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3641 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/jdev/attachments/20060307/04377c66/attachment-0002.bin>

More information about the JDev mailing list