[pkg-otr-team] Bug#766936: Bug#766936: [libotr5] Extended description: "Deniability" is not a feature per se
Ian Goldberg
ian at cypherpunks.ca
Wed Oct 29 09:49:25 UTC 2014
On Tue, Oct 28, 2014 at 08:56:07PM -0400, Filipus Klutiero wrote:
> I am not convinced this is a good thing, but for sure the current
> phrasing is incorrect. According to the technical paper, OTR would
> merely send the key to the other participant, so only him could forge
> messages, unless someone captured the message. So the only person who
> can forge messages after the conversation is the other participant.
> Since he could already forge messages, that measure does not increase
> deniability in normal circumstances.
No, that's not quite right; OTR sends the authentication (MAC) key *in
the clear* so that anyone capturing the traffic on the wire can
subsequently modify transcripts however they like.
More information about the Pkg-otr-team
mailing list