On 3/21/2011 10:58 AM, Jerome Baum wrote:
> Deniability is "nice", but more generally confusing Mallory is a Good
> Thing(tm) as she'll have more work to do. Providing deniability seems to
> imply more work on the part of Mallory. Say the point is not to prove
> "Alice sent Bob a message", but instead Mallory wants to get at the
> plain-text. If she can't know for sure that Clyde can decrypt it -- or
> any specific person -- then she'll have to steal several keys before she
> finds the right one.

Or she'll just have to kidnap Alice or Bob and beat them senseless with a lead pipe until they confess. Deniability is not as useful of a tool as it is often made out to be.

There is also a flip side: deniable communications put parties in increased jeopardy.

Imagine Mallory kidnaps Charlene, who is uninvolved, because she thinks Charlene is involved. (This sort of thing happens quite a lot in the real world: for instance, in the '70s the Israeli Mossad murdered an innocent Norwegian waiter because they mistakenly identified him as a terrorist.)

Charlene declares her innocence. Mallory beats her senseless with a lead pipe. "I know you're using a deniable system! Stop denying things and tell me the truth!" Charlene tries to prove she didn't receive the message -- but she can't, because it's a deniable system. Mallory keeps on beating her senseless with a lead pipe. Sooner or later, Charlene confesses to anything Mallory suggests, just to make the torture stop.

Deniable communications are neat, but there are two huge eight hundred pound gorillas lurking in the room:

1. Deniability doesn't work well against sadists with lead pipes.
2. Deniability means you can't give the sadists a reason to stop.

If this is a thought experiment in how to crowbar deniability into OpenPGP, I wish you luck. :) If you're looking at actually using a deniable OpenPGP, or recommending others use one, I hope you'll give serious thought to these two things.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users