On OTR and deniability (randombit.net)
13 points by rl1987 on July 20, 2011 | 6 comments


Quote: """ OTR makes the same error. It takes a very interesting mathematical property, and extends it into the hard human world, as if the words carry the same meaning. Perhaps, once upon a time, in some TV court room drama, someone got away with lying about a document? From this, OTR suggests that mathematics can help you deny a transcript? It can't. It can certainly muddy the waters, it can certainly give you enough rope to hang yourself, but what it can't do is give some veneer of "it didn't happen." Not in court, not in the hard world of humans. """

I don't see any 'why' here. Maybe the context of this particular discussion would clarify it. Maybe it's well-known in places I have not read.

I think that perhaps a steganography implementation combined with OTR might provide a very interesting approach to hiding crypto communication and providing reasonable doubt on the transmission's existence.


OTR can be trivially faked. So if you have a transcript of me saying "I did not commit the crime.", you can easily manufacture "I did commit the crime." And that's how it should be.


So... OTR provides a way out from the PKI trap of requiring a private key to encrypt (which in turn demonstrates access to the private key).

Perhaps I'm thinking about it narrowly, but that's all OTR is said to do, yes?


If you have a cipher that produces a stream of good pseudorandom numbers, you can use that as a one-time pad. Forging is trivial.

If I remember correctly: For the individual messages OTR uses Diffie-Hellman to exchange the key. That means your dialog partner knows the same key, and could have produced the message, too.

But if you want the details, look up http://www.cypherpunks.ca/otr/Protocol-v2-3.1.0.html
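The two points made above (a transcript "can be trivially faked", and the Diffie-Hellman-derived key is shared, so the other party "could have produced the message, too") can be shown concretely. The following is an added example, not code from the original thread or from the OTR project: it uses a toy DH group and SHA-256-in-counter-mode as a stand-in stream cipher (OTR itself uses a 1536-bit MODP group and AES-CTR), derives a symmetric encryption key and MAC key from the shared secret, and then shows that (a) the recipient can fabricate a message with a valid MAC, and (b) once the MAC key is known, a third party who can guess the plaintext can bit-flip a captured ciphertext into a different same-length message and re-MAC it without ever holding the encryption key. The OTR specification linked above in fact publishes old MAC keys for exactly this reason. All function names and the sample messages are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group (constructed for illustration; far too small to be
# secure and NOT the group OTR uses).
P = 2**127 - 1
G = 3


def dh_keypair() -> tuple[int, int]:
    """Return (private exponent, public value) in the toy group."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def derive_keys(shared_secret: int) -> tuple[bytes, bytes]:
    """Derive an encryption key and a MAC key from the DH shared secret.
    Both parties compute the same pair; that symmetry is the whole point."""
    s = shared_secret.to_bytes(16, "big")
    enc_key = hashlib.sha256(b"enc" + s).digest()
    mac_key = hashlib.sha256(b"mac" + s).digest()
    return enc_key, mac_key


def keystream(key: bytes, length: int) -> bytes:
    """SHA-256 in counter mode, a stand-in for a real stream cipher (OTR uses AES-CTR)."""
    out = b""
    ctr = 0
    while len(out) < length:
        out += hashlib.sha256(key + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    assert len(a) == len(b)
    return bytes(x ^ y for x, y in zip(a, b))


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> tuple[bytes, bytes]:
    """Encrypt with the keystream, then MAC the ciphertext (encrypt-then-MAC)."""
    ct = xor(plaintext, keystream(enc_key, len(plaintext)))
    tag = hmac.new(mac_key, ct, hashlib.sha256).digest()
    return ct, tag


def open_(enc_key: bytes, mac_key: bytes, ct: bytes, tag: bytes) -> bytes:
    """Verify the MAC, then decrypt. Raises ValueError on a bad tag."""
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("bad MAC")
    return xor(ct, keystream(enc_key, len(ct)))


def session_keys() -> tuple[bytes, bytes]:
    """Run the toy DH exchange and confirm both sides derive identical keys."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    a_keys = derive_keys(pow(b_pub, a_priv, P))
    b_keys = derive_keys(pow(a_pub, b_priv, P))
    assert a_keys == b_keys  # the MAC key is shared, so a valid tag names nobody
    return a_keys


def forge_without_enc_key(ct: bytes, known_pt: bytes, new_pt: bytes, mac_key: bytes) -> tuple[bytes, bytes]:
    """Third-party forgery: with a correct guess of the original plaintext and the
    (published) MAC key, turn ct into a ciphertext of new_pt and re-MAC it.
    The encryption key is never used: keystream ^ known_pt ^ new_pt does the work."""
    forged_ct = xor(xor(ct, known_pt), new_pt)
    forged_tag = hmac.new(mac_key, forged_ct, hashlib.sha256).digest()
    return forged_ct, forged_tag


def demo() -> dict:
    enc_key, mac_key = session_keys()
    real = b"I did not commit the crime."            # what Alice actually sent
    ct, tag = seal(enc_key, mac_key, real)
    # (a) Bob holds the same keys, so his fabricated record verifies like Alice's.
    bob_ct, bob_tag = seal(enc_key, mac_key, b"I did commit the crime.")
    # (b) Eve has only the captured ct, a plaintext guess and the published MAC key.
    eve_ct, eve_tag = forge_without_enc_key(ct, real, b"I did commit the crime. OK.", mac_key)
    return {
        "real": open_(enc_key, mac_key, ct, tag),
        "forged_by_bob": open_(enc_key, mac_key, bob_ct, bob_tag),
        "forged_by_eve": open_(enc_key, mac_key, eve_ct, eve_tag),
    }


if __name__ == "__main__":
    for who, text in demo().items():
        print(f"{who:14s} {text.decode()}")
```

Both forged records pass the same MAC check as the genuine one, which is the property the thread is arguing about: the tag proves the message came from someone holding the session's MAC key, and that set includes the counterparty and, after key publication, anyone. What it does not do is make a judge believe the log was forged.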


At first glance, I thought this was a message by Ian Goldberg, one of the two designers of OTR, but of course it's Ian Grigg.

His points are basically correct but I think a little overblown.

The point of OTR is not to provide you with real-world deniability, but simply to not remove it in one particular way, by not providing additional evidence of the authenticity of a logged communication, beyond what would be available if the communication were in plain text.


"Ian G" correctly recognizes that OTR doesn't provide mathematical reliability, but rather just prevents mathematical confirmation. The issue here (seems to be) that he incorrectly thinks that it is said to do anything else. "Ian Goldberg" (apparently a different person) points this out well here: http://lists.randombit.net/pipermail/cryptography/2011-July/...

There is also some mumbo jumbo about what math should or should not attempt to do. If I'm reading this correctly, it seems like Ian G is also opposed to any system that could do what he thinks OTR allegedly does. Seems like just another opinion to me, not really worthy of much analysis.

