pgpfan:repudiability
Differences
This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
pgpfan:repudiability [2020/06/08 21:05] – created b.walzer | pgpfan:repudiability [2021/06/05 01:10] (current) – [Untrusted Correspondent] more articles to refer to. b.walzer | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ======Repudiability====== | + | ======Deniability====== |
- | Repudiability | + | Deniability |
- | If you send a signed and encrypted PGP message to someone then these two entities can gain knowledge | + | When you use public key cryptography to encrypt |
- | - The person you sent it to. | + | Deniability is intended |
- | - Someone who manages | + | |
- | Repudiability is intended to prevent those entities from causing you problems due to that knowledge by breaking or weakening the connection between the message and your cryptographic identity. Your cryptographic identity is normally based on some data that it is expected that only you have access to. In the case of PGP that data is your private key which is required to generate the signature. For this to potentially matter, your signed message would have to be linked to your cryptographic identity. | + | =====Applicability===== |
- | + | ||
- | In a PGP context that would involve at least one of: | + | |
- | + | ||
- | - Direct access to your private key. | + | |
- | - Someone who " | + | |
- | - Some sort of more complicated argument involving the PGP web of trust. | + | |
- | + | ||
- | The first instance is the most definite. It also implies that both you and your correspondent have been compromised. The others provide no definite cryptographic proof of identity. | + | |
In the event that someone can come up with a tie between you and your cryptographic identity then this is what they will face when attempting to link it to your physical identity: | In the event that someone can come up with a tie between you and your cryptographic identity then this is what they will face when attempting to link it to your physical identity: | ||
Line 22: | Line 13: | ||
- Very few people understand cryptographic signatures well enough to even believe that such a thing is possible. | - Very few people understand cryptographic signatures well enough to even believe that such a thing is possible. | ||
- There is no cultural context for the application of cryptographic signatures. | - There is no cultural context for the application of cryptographic signatures. | ||
- | | + | |
- | For something like a court case if it is email then the normal | + | As an example; email evidence used in something like a court case would follow |
In a personal communications situation the people involved will know each other. If the reporter is part of the group then it would come down to how the others felt about you and them. If it was an outsider then the report would be treated as an unsubstantiated rumour. A technical proof would be ignored as redundant. | In a personal communications situation the people involved will know each other. If the reporter is part of the group then it would come down to how the others felt about you and them. If it was an outsider then the report would be treated as an unsubstantiated rumour. A technical proof would be ignored as redundant. | ||
- | Note that a PGP user has complete control over how much their cryptographic identity is linked | + | Ironically the very existence of a deniability feature draws attention |
+ | |||
+ | ====Trusted Correspondent==== | ||
+ | |||
+ | Far and away the most common case is where you can trust the one you are messaging with. If you are using a system that can sign messages then you will have the capability and the motivation | ||
+ | |||
+ | Here we need to make a distinction between | ||
+ | |||
+ | ====Untrusted Correspondent==== | ||
+ | |||
+ | This could be considered the true "off the record" | ||
+ | |||
+ | - Not connecting their identity to their cryptographic identity(([[pgpfan:signedanon|Signed Anonymous Messages]])), or | ||
+ | - Not signing their messages at all(([[pgpfan: | ||
+ | |||
+ | ... rather than having to try to weaken the effect of a cryptographic signature. Our practical example, PGP, works well in this case as it allows both options. Deniability can be seen here as a compromise solution for a problem that need not exist. | ||
+ | |||
+ | It is not really certain that deniability is even completely possible in this case. The cryptographic signature has still proven whatever it can prove. Whatever indication that the system has given your correspondent of your identity can be recorded somehow, even if just in their memory. It's similar to the difference between someone getting your letter and hearing you say something to them in person. | ||
=====Forgeability===== | =====Forgeability===== | ||
- | Forgeability is a part of repudiability. The idea is to make things so that even if someone | + | The method |
+ | |||
+ | The fundamental problem here is that the mere possibility of forging a message | ||
+ | |||
+ | In practice | ||
+ | |||
+ | Consider the case where a corpus of encrypted email is publicly | ||
+ | |||
+ | There is a potential problem of implied intent. Forgeability involves a deliberate act of data leakage. Say you get caught skulking around in the dark with burglary tools in an area with recent breakins. Providing solid proof that you always carry such tools would increase the level of suspicion, not decrease it. | ||
+ | |||
+ | In the same way, using a system that is deliberately designed | ||
- | The fundamental problem with the concept of forgeability is: | + | Consider |
- | **The mere possibility of forging a message does not in any way prove that a message was forged.** | + | ====Forgeability Light==== |
- | In practice you would have to falsely accuse someone | + | Instead |
- | It is much better and safer to just claim that the problematic statement is not what it seems. You might of been joking. You might of been misunderstood. | + | =====Conclusion===== |
- | A system that supports forgeability will have the ability to falsely claim a forgery | + | Forgeability |
- | In a PGP context you could claim someone had gained access to your private key. That argument might actually have some force in a case where someone' | + | Deniablity is one of those things that seems like a good idea in theory. In practice it has very little value. It is unlikely that the feature is worth the extra risk of the complexity it would take to implement it. |
- | Most media is relatively easy to forge. But yet false claims of such forgery are quite rare which suggests that such claims don't tend to work out. False claims of fabricated evidence rarely go anywhere in court for example. Claiming that someone created a forgery using an obscure technical process does not seem any more likely to succeed. | + | [[pgpfan: |
- | Repudiability is one of those things that seems like a good idea in theory. In practice it has very little value. It is unlikely that the feature is worth the extra complexity it would take to implement it. | ||
pgpfan/repudiability.1591650336.txt.gz · Last modified: 2020/06/08 21:05 by b.walzer