On 27/10/14 03:08, Harlan Lieberman-Berg wrote:
> On Sun, 2014-10-26 at 21:22 -0400, Filipus Klutiero wrote:
>> Rather than advertising 2 independent items, these could be merged in a
>> "Deniable authentication" item which would contain both sublists.
>
> One reason why I think "deniability" is important as a separate feature
> is that it is differentiating in the face of other, similar kinds of
> programs. Most encryption systems are not deniable; in fact, many
> systems are not deniable /by design/. This message, for example, is PGP
> signed and is not deniable at all. Anyone who gets a copy of the
> message can verify that I, or someone with control over my private key,
> composed and sent this message. The Pidgin-Encryption plugin similarly
> doesn't have deniability built into its threat model at all.
>
> In that context, I think it might be deserving of being listed as its
> own feature.
>
Both of you are right in some degree. Deniability is indeed a secondary property of the underlying authentication system (note: *not* encryption system as Harlan said). It makes no sense without authentication. However, I'm neutral as to merging the two points.

A related point is that "forward secrecy" is a secondary property of the underlying encryption system. It makes no sense without encryption (i.e. confidentiality).

Personally, I like to introduce these concepts as "forward-secure confidentiality" and "deniable authentication".

X

--
GPG: 4096R/1318EFAC5FBBDBCE
git://github.com/infinity0/pubkeys.git
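Added example, not part of the original message: the contrast discussed in this thread between a signed message and deniable authentication, in Python. A shared-key HMAC plays the deniable scheme, and a hash-based Lamport one-time signature stands in for the PGP signature so that only the standard library is needed; all names and messages are constructed.

```python
import hashlib
import hmac
import secrets

def mac_tag(shared_key: bytes, msg: bytes) -> bytes:
    """Symmetric authentication: anyone holding shared_key can compute this."""
    return hmac.new(shared_key, msg, hashlib.sha256).digest()

def mac_verify(shared_key: bytes, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(shared_key, msg), tag)

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def _bits(msg: bytes) -> list:
    digest = _h(msg)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sig_keygen():
    """Lamport one-time key pair: sk is 256 secret pairs, pk their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(_h(a), _h(b)) for a, b in sk]

def sig_sign(sk, msg: bytes) -> list:
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]

def sig_verify(pk, msg: bytes, sig: list) -> bool:
    return len(sig) == 256 and all(
        hmac.compare_digest(_h(s), pk[i][b]) for i, (s, b) in enumerate(zip(sig, _bits(msg))))

def transcript_check() -> dict:
    """What a third party can and cannot conclude from each kind of transcript."""
    sent, never_sent = b"meet at noon", b"constructed message Alice never wrote"
    key = secrets.token_bytes(32)            # shared by Alice and Bob
    alice_tag = mac_tag(key, sent)           # Alice authenticates to Bob
    bob_forgery = mac_tag(key, never_sent)   # Bob fabricates with the same key
    sk, pk = sig_keygen()                    # only Alice holds sk
    alice_sig = sig_sign(sk, sent)
    return {
        "bob_accepts_alice_mac": mac_verify(key, sent, alice_tag),
        # The fabricated tag verifies too, so a valid tag proves nothing to outsiders.
        "bob_forgery_verifies": mac_verify(key, never_sent, bob_forgery),
        "signature_verifies_for_anyone": sig_verify(pk, sent, alice_sig),
        # Without sk, the signature cannot be moved onto another message.
        "signature_transfers_to_other_msg": sig_verify(pk, never_sent, alice_sig),
    }

if __name__ == "__main__":
    print(transcript_check())
```

Bob is still convinced by Alice's tag because he knows he did not compute it himself; a third party has no such knowledge, which is why deniability only makes sense as a property of authentication.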