zlacker

1. cyphar+(OP) 2020-06-05 10:41:02
Except the whole point of OTR-like messaging was that you can communicate with someone who you can't be entirely sure you trust in perpetuity (that's why messages in Signal and similar systems don't have non-repudiation -- neither party can prove to a third party that a message really was sent by the other party). Now, obviously the metadata worry is separate to how the message cryptography is implemented but it does seem odd to have a threat model which is somewhat confused on this question.
replies(1): >>nix23+Hc
2. nix23+Hc 2020-06-05 12:48:20
>>cyphar+(OP)
But with Signal you can verify that person; it's like the opposite of OTR.

https://signal.org/blog/safety-number-updates/

replies(1): >>cyphar+Hu1
3. cyphar+Hu1 2020-06-05 19:30:40
>>nix23+Hc
OTR also allows you to do key verification -- all encrypted chat systems support that. The point isn't that you cannot be sure who you're talking to, the point is that the communication transcript cannot be provided to a third party as evidence that either party in the conversation said something.

This is fairly simply implemented in OTR. Rather than signing the message with an asymmetric keypair (as you would with PGP), you sign it with a HMAC. Thus both the sender and recipient could create a valid message from the sender (giving you the property that only the two people in the conversation can be sure what was actually said by the other party, without being able to prove it to a third party cryptographically).
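
The HMAC property described in the comment above, as an added example that is not part of the thread and is not OTR's own code: both holders of the shared MAC key can produce a tag that verifies as "from alice", so a verifying transcript proves nothing to a third party. The names `make_tag`, `verify` and `transcript_demo`, the message texts and the directly generated key are assumptions for illustration (OTR derives its MAC keys from a Diffie-Hellman exchange).

```python
import hashlib
import hmac
import secrets


def make_tag(mac_key: bytes, sender: str, text: str) -> bytes:
    """HMAC-SHA256 over the claimed sender and the message text."""
    data = sender.encode() + b"\x00" + text.encode()
    return hmac.new(mac_key, data, hashlib.sha256).digest()


def verify(mac_key: bytes, sender: str, text: str, tag: bytes) -> bool:
    """Constant-time check that the tag matches under the shared key."""
    return hmac.compare_digest(make_tag(mac_key, sender, text), tag)


def transcript_demo() -> dict:
    # Constructed values: in OTR the MAC key comes out of the session's
    # Diffie-Hellman exchange; here it is simply generated once and shared.
    shared_key = secrets.token_bytes(32)
    outsider_key = secrets.token_bytes(32)  # someone not in the conversation

    # Alice really sends this message to Bob.
    genuine = ("alice", "meet at noon", make_tag(shared_key, "alice", "meet at noon"))

    # Bob holds the same key, so he can mint a message "from alice" himself.
    fake_text = "I never said noon"
    forged = ("alice", fake_text, make_tag(shared_key, "alice", fake_text))

    # An outsider without the key cannot produce an acceptable tag.
    injected = ("alice", fake_text, make_tag(outsider_key, "alice", fake_text))

    return {
        "genuine_verifies": verify(shared_key, *genuine),
        "forged_by_bob_verifies": verify(shared_key, *forged),
        "outsider_injection_verifies": verify(shared_key, *injected),
    }


if __name__ == "__main__":
    for check, result in transcript_demo().items():
        print(f"{check}: {result}")
```

Bob still knows the genuine message came from Alice because he knows he did not write it himself; that knowledge is exactly what he cannot transfer to anyone else.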
