[Standards] OTR

Sam Whited sam at samwhited.com
Mon Dec 29 20:04:22 UTC 2014



On 12/29/2014 01:37 PM, Bartosz Małkowski wrote:
> 
>> Wiadomość napisana przez Sam Whited <sam at samwhited.com> w dniu 29 gru 2014, o godz. 18:36:
>>
>> The main problem I see there would be deniability; a lot of things I see
>> people suggest would potentially ruin the ability of the protocol to
>> provide deniability.
> 
> Can you explain?

Eg. the suggestion someone made earlier about adding signing of OTR
keys. Any sort of signing should be a no (it's not part of the original
OTR protocol, and is contrary to its goals). I've seen this sort of
thing suggested a few times elsewhere.

Rereading that paragraph, I'm confused as to what I was talking about
too; possibly ignore it and just read that as "we should keep OTR's
goals in mind as we develop to make sure we don't inadvertantly leak
information and break one of those goals".

> If encrypted stream will be established, then what problems you see?
> We can’t hide fact that OTR stream is established between two
> entities.

Different kind of deniability (sorry, my message was confusing as I
mentioned both, and it may have sounded like I was talking about the
same thing). You're probably right; don't know why I even mentioned that
(the initial OTR stream setup will always show that OTR was being used,
even if OTR messages are designed in such a way that there could be
plausable deniability that OTR was being used). I don't think it's
something we should concern ourselves with anyways.

—Sam

-- 
Sam Whited
pub 4096R/54083AE104EA7AD3
https://blog.samwhited.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20141229/ef918ee9/attachment.sig>


More information about the Standards mailing list