plausibly deniable

David Shaw dshaw at jabberwocky.com
Thu Jul 22 23:17:40 CEST 2010


On Jul 22, 2010, at 4:26 PM, Robert J. Hansen wrote:

> On 7/22/2010 4:19 PM, Andre Amorim wrote:
>> Do we have a "plausibly deniable" option ?
> 
> No.  Plausible deniability depends entirely on what your adversary finds
> plausible.  "I didn't sign that!  Look -- I have Thunderbird configured
> to automatically sign *everything*, and I have no passphrase on my key.
> Someone got access to my system and sent out a message that got
> automagically signed by my key!"
> 
> Such things have happened before.  Werner himself has received
> PGP-signed spam, from some hapless person whose machine had been
> hijacked and was being used as a botnet to send messages through a PGP
> signing proxy.  Some people will find this explanation plausible.
> Others will merely find it convenient.
> 
> Since there is no agreed-upon definition of plausible deniability, GnuPG
> cannot be said to provide plausible deniability.

By that logic, no program can be said to provide plausible deniability ;)

(Not that I necessarily disagree - I tend to get stuck on the "plausible" part of the deniability.  If things reach the point where you're relying on plausible deniability to save you, you're already in deep trouble.)

David




More information about the Gnupg-users mailing list