On Thu, 11 Aug 2005, Ian G wrote:
Right but this needs to be integrated into the
real world. Firstly, what does that signature
mean? What was it doing there? Because this
question is unanswered, and I'd say, unanswerable,
most people (in my experience) don't use signed
email. They simply encrypt.
Right. I'm one of those people. This does, however, leave one open to MITM
attacks -- which are probably not that large of a threat in the general
case, but when dealing with centralized, proprietary IM systems, could
very well be a realistic problem. (This is why Trillian's SecureIM
solution fails my sniff test.)
Secondly, the way court works is that if one
party tables a message, it's generally accepted
at face value. In practice, the mere presence
of the message is its own authentication.
Actually, rules of evidence are a lot more complicated, particularly in
criminal proceedings. It's pure speculation on my part to assume a
non-reputable signature on a message would lessen doubt about tampering
when presented to a third party, but I think it's reasonable speculation,
and a problem worth avoiding.
OTR allows is users to have strong authentication of encrypted messages
without the *additional risk* that normal digital signatures introduce.
Turn it around and ask how important strong
authentication is? When was the last time you
needed it in email or IM? I suggest it is something
that we inherited from some military threat model
that isn't really relevant to our environment.
I can't agree with this, particularly in the IM environment. It would be
trivial for one of the large IM service providers to intercept encrypted,
but unauthenticated traffic through their systems. If you don't trust the
IM service provider, it is essential that you have end-to-end encryption
and authentication.
brought up in court, Alice might be in a
strictly worse position. On the one hand,
she is being dared to lie to the judge,
and on the other, she's been seen to use a
tool that has a sole advantage of repudiation.
I'd hardly say that OTR's sole advantage is repudiation. Transparent
encryption, perfect forward secrecy, and a quickly growing user-base are
also significant advantages. OTR is a privacy tool. Avoiding the
non-repudiation trap is a form of privacy.
Simply put, users shouldn't be forced to make non-repudiatable attestations
in order to achieve privacy for their communications.
--Len.