[liberationtech] Not another Haystack right?
Michael Rogers
m-- at gmx.com
Tue Nov 29 12:11:50 PST 2011
Hi Jake,
Thanks for the feedback.
On 29/11/11 19:32, Jacob Appelbaum wrote:
> Indeed, while I like the idea for a sneakernet, I think `gpg -R` does
> the job fine most times, no?
As far as I can tell, GPG uses long-term keys for encryption and
authentication, so there's no forward secrecy or repudiation.
The Briar protocol is closer to OTR in that respect: once a connection
has been torn down and the endpoints have destroyed their ephemeral
keys, there's no way to decrypt the connection or prove that the
endpoints authenticated it.
(Messages sent over the connection may or may not be repudiable by their
authors, depending on whether they're anonymous or pseudonymous, but
that's a separate issue.)
Cheers,
Michael
More information about the liberationtech
mailing list