[pkg-otr-team] Bug#818313: Bug#818313: off-the-record (OTR) plugin actually logs conversations
micah
micah at riseup.net
Wed Mar 16 15:04:14 UTC 2016
Antoine Beaupré <anarcat at debian.org> writes:
> It's called "off the record" - why the heck would you want to log
> that?
the 'off the record' property of OTR only has to do with the protocol
itself, it doesn't promise anything beyond that. Someone can copy and
paste text from the terminal, take a photo or have it read out loud
through speakers that are blasting through the grand canyon. OTR's "off
the record" only promises these properties:
. Encryption - No one else can read your instant messages.
. Authentication - You are assured the correspondent is who you think it
is.
. Deniability - The messages you send do not have digital signatures
that are checkable by a third party. Anyone can forge messages after a
conversation to make them look like they came from you. However, during
a conversation, your correspondent is assured the messages he sees are
authentic and unmodified.
. Perfect forward secrecy - If you lose control of your private keys, no
previous conversation is compromised.
You might be thinking that logging by an external program compromises
the 'encryption' aspect of OTR?
More information about the Pkg-otr-team
mailing list