[Security] TLS Certificates Verification

Eric Rescorla ekr at rtfm.com
Tue Aug 19 16:45:23 CDT 2008

On Tue, Aug 19, 2008 at 2:30 PM, Dave Cridland <dave at cridland.net> wrote:
> If the additional properties of ESessions are of interest, we could of
> course work toward putting them into TLS - deniability in TLS would be
> instantly applicable to any other protocol which needs it, for instance.
> That might include SIP, I suppose.

As I understand the situation, TLS already has the form of deniability that
OTR is designed to give you, namely that you can't deny having been
part of the communication, but you can deny having sent any given application
data message. This is basically a result of using MACs rather than signatures.

That said, it is possible to have deniability of communication as well, but
it requires a slightly different mix of crypto primitives.


More information about the Security mailing list