On Tue, 29 Aug 2017 14:33:46 -0400 "Robert J. Hansen" <r...@sixdemonbag.org> wrote:
> You can prove origination *only if* you can prove the originating PC > was not compromised. Given how common compromise is today -- a few > years ago Vint Cerf estimated one in four desktop PCs was compromised > -- this is a very high threshold to clear. > > In a theoretical sense, OpenPGP is a nonrepudiable protocol. But in a > practical sense, it is not. This isn't true. The necessity for deniability arises many times in contexts where the odds aren't measured clinically, where the possibility of one's PC being compromised isn't know or established, or which has much lower thresholds of acceptance. Examples are dictatorships, and many forms of human relationships, including job relations. I would say that it is the exact opposite of what you said, in practice OpenPGP is nonrepudiable. But that's fine. One can argue that OpenPGP isn't designed to offer that feature and probably never will. Deniability, particularly when it comes to the subject of communication, requires that the message itself can be deniable. OpenPGP does not do any of that. That level of protection exists a layer up OpenPGP. If one wants to use deniability with OpenPGP, one just needs to wrap OpenPGP messages in systems that support it. -- Sinceramente / Best regards, Mário J.G.P. Figueiredo Luanda, Angola (email) mar...@gmx.com (alt) kru...@openmailbox.org (phone) +244 934 535 121
pgphZvxJEpPyW.pgp
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
