On Wednesday 21 September 2005 11:29 pm, Daniel A. Nagy wrote:
> I just got a message from a human rights activist, who pointed out a
> shortcoming of PGP for -- for the lack of a better word -- paranoid
> conspirators.
> Imagine that a conspiracy expects to be infiltrated. They send encrypted
> messages back and forth but they have a dilemma: to sign or not to sign? If
> they do sign, the infiltrator will have damning evidence on his hands and
> the bad guys will be able to crack down on the conspirators. If they don't
> sign, the infiltrator will be able to forge messages and thus seriously
> interfere with the activities of the group (e.g. call off action in the
> name of the ringleader, etc.).
<...>
> The sender can plausibly deny authorship, claiming that the receiver has
> forged it using his private key and the sender's public key.
Interesting thought experiment.
I led the development team of the solution used by the CryptoRights Foundation
http://www.cryptorights.org/
Our solution consisted of management tools, user interfaces, translations, and
other niceties around a gnupg based engine.
We were most concerned with chain of evidence and verifiability, not plausible
deniability. In the real world, most human rights organizations already have
extensive methods of verifying information that is provided to them, and
informers have elaborate methods of communicating that information, that only
rarely involve electronic communication, encrypted or otherwise, because of
the danger of interception. In a country (like China) where much/most
private use of encryption is disallowed anyway, sending *any* encrypted
message is a risk that most human rights workers and informers will not take.
I don't think that OpenPGP needs a new shared-secret method of communication,
or that the spec needs another wrinkle for implementors to chew on.
Regards,
- Brian