E-mail with deniable authentication

Mario Figueiredo marfig at gmx.com
Wed Aug 30 11:34:10 CEST 2017


On Tue, 29 Aug 2017 14:33:46 -0400
"Robert J. Hansen" <rjh at sixdemonbag.org> wrote:

> You can prove origination *only if* you can prove the originating PC
> was not compromised.  Given how common compromise is today -- a few
> years ago Vint Cerf estimated one in four desktop PCs was compromised
> -- this is a very high threshold to clear.
> 
> In a theoretical sense, OpenPGP is a nonrepudiable protocol.  But in a
> practical sense, it is not.

This isn't true. The necessity for deniability arises many times in
contexts where the odds aren't measured clinically, where the
possibility of one's PC being compromised isn't known or established,
or which has much lower thresholds of acceptance. Examples are
dictatorships, and many forms of human relationships, including job
relations.

I would say that it is the exact opposite of what you said, in
practice OpenPGP is nonrepudiable.

But that's fine. One can argue that OpenPGP isn't designed to offer
that feature and probably never will. Deniability, particularly
when it comes to the subject of communication, requires that the
message itself can be deniable. OpenPGP does not do any of that. That
level of protection exists a layer up from OpenPGP.

If one wants to use deniability with OpenPGP, one just needs to wrap
OpenPGP messages in systems that support it.

-- 
Sinceramente / Best regards,

Mário J.G.P. Figueiredo
Luanda, Angola
(email) marfig at gmx.com (alt) krugar at openmailbox.org
(phone) +244 934 535 121