[pkg-otr-team] Bug#766936: Bug#766936: Bug#766936: [libotr5] Extended description: "Deniability" is not a feature per se
Ximin Luo
infinity0 at pwned.gg
Tue Oct 28 01:11:27 UTC 2014
On 27/10/14 03:08, Harlan Lieberman-Berg wrote:
> On Sun, 2014-10-26 at 21:22 -0400, Filipus Klutiero wrote:
>> Rather than advertising 2 independent items, these could be merged in a
>> "Deniable authentication" item which would contain both sublists.
>
> One reason why I think "deniability" is important as a separate feature
> is that it is differentiating in the face of other, similar kinds of
> programs. Most encryption systems are not deniable; in fact, many
> systems are not deniable /by design/. This message, for example, is PGP
> signed and is not deniable at all. Anyone who gets a copy of the
> message can verify that I, or someone with control over my private key,
> composed and sent this message. The Pidgin-Encryption plugin similarly
> doesn't have deniability built into its threat model at all.
>
> In that context, I think it might be deserving of being listed as its
> own feature.
>
Both of you are right in some degree. Deniability is indeed a secondary property of the underlying authentication system (note: *not* encryption system as Harlan said). It makes no sense without authentication. However, I'm neutral as to merging the two points.
A related point is that "forward secrecy" is a secondary property of the underlying encryption system. It makes no sense without encryption (i.e. confidentiality).
Personally, I like to introduce these concepts as "forward-secure confidentiality" and "deniable authentication".
X
--
GPG: 4096R/1318EFAC5FBBDBCE
git://github.com/infinity0/pubkeys.git