[jdev] Re: JEP-0027 (OpenPGP) implementation question

Juan Antonio Gómez Moriano moriano.jabber at gmail.com
Tue Mar 7 17:34:15 CST 2006


On Tue, 07-03-2006 at 14:49 -0800, Justin Karneges wrote:
> On Tuesday 07 March 2006 14:12, Peter Saint-Andre wrote:
> > So the repudiability and perfect forward security aspects of OTR don't give
> > me much comfort in the real world.

The thing is that in the real world cryptography will only be
considered seriously if it is understood, and I guess lawyers do not
understand it properly.

As an example, in my country (Spain) a few years ago (10 years maybe?) a
teenager was in court because he made a port scan of a bank (is it such
a big deal?!?!), and the judge was there asking, he made a what? A scan
port? The computer has ports? What is it, like a dock? Come on, free him.

Although that is true (exaggerated, but it happened like I said), if I
persist in saying "no, I did not send that email saying Blablabla", a
lawyer will never find a way to prove that I'm telling a lie, and of
course if he asks a cryptographer he will never say "this is 100% secure",
so the "non-repudiability" doesn't seem to fit properly in the "real
world"... unfortunately...
> 
> Exactly.
> 
> Interesting of you to bring up forward secrecy here.  I believe that's where 
> if your public key is compromised, your past session keys aren't.  TLS has 
> this (and probably SSH also), and I'd consider this to be a generally useful 
> feature.  However, in the context of IM, where you're sending your content to 
> another party with a large chance of it being logged, forward secrecy seems 
> to be a lot less useful.
> 
> -Justin



