[pkg-otr-team] Bug#766936: Bug#766936: [libotr5] Extended description: "Deniability" is not a feature per se
Filipus Klutiero
chealer at gmail.com
Fri Oct 31 03:41:31 UTC 2014
On 2014-10-29 05:49, Ian Goldberg wrote:
> On Tue, Oct 28, 2014 at 08:56:07PM -0400, Filipus Klutiero wrote:
>> I am not convinced this is a good thing, but for sure the current
>> phrasing is incorrect. According to the technical paper, OTR would
>> merely send the key to the other participant, so only him could forge
>> messages, unless someone captured the message. So the only person who
>> can forge messages after the conversation is the other participant.
>> Since he could already forge messages, that measure does not increase
>> deniability in normal circumstances.
> No, that's not quite right; OTR sends the authentication (MAC) key *in
> the clear* so that anyone capturing the traffic on the wire can
> subsequently modify transcripts however they like.
That's also what I was saying. It is not encrypted, but it has no effect except in cases where the communication is captured.
--
Filipus Klutiero
http://www.philippecloutier.com
More information about the Pkg-otr-team
mailing list