Hi, Ximin Luo wrote (28 Oct 2014 01:11:27 GMT) : > Both of you are right in some degree. Deniability is indeed a secondary > property of > the underlying authentication system (note: *not* encryption system as Harlan > said). > It makes no sense without authentication. However, I'm neutral as to merging > the > two points.
With OTR, users get deniability, which is an important feature for them. It seems to me that most users don't care at all that deniability is a secondary property of the underlying authentication system. If we have to make a choice, I'd rather focus on what is important from the user PoV. It may be that we don't have to make a choice, see below. > A related point is that "forward secrecy" is a secondary property of the > underlying > encryption system. It makes no sense without encryption (i.e. > confidentiality). > Personally, I like to introduce these concepts as "forward-secure > confidentiality" and "deniable authentication". I suspect that with all this info in hand, someone who cares strongly about this could come up with a phrasing that: * structurally, focuses on users' needs, and features they can see * manages to sneak in the correct terminology that Ximin is proposing, somehow Any taker? Cheers, -- intrigeri -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
