Sciweavers

WPES
2004
ACM

Off-the-record communication, or, why not to use PGP

14 years 5 months ago
Off-the-record communication, or, why not to use PGP
Quite often on the Internet, cryptography is used to protect private, personal communications. However, most commonly, systems such as PGP are used, which use long-lived encryption keys (subject to compromise) for confidentiality, and digital signatures (which provide strong, and in some jurisdictions, legal, proof of authorship) for authenticity. In this paper, we argue that most social communications online should have just the opposite of the above two properties; namely, they should have perfect forward secrecy and repudiability. We present a protocol for secure online communication, called “off-the-record messaging”, which has properties better-suited for casual conversation than do systems like PGP or S/MIME. We also present an implementation of off-the-record messaging as a plugin to the Linux GAIM instant messaging client. Finally, we discuss how to achieve similar privacy for high-latency communications such as email. Categories and Subject Descriptors K.4.1 [Managemen...
Nikita Borisov, Ian Goldberg, Eric A. Brewer
Added 30 Jun 2010
Updated 30 Jun 2010
Type Conference
Year 2004
Where WPES
Authors Nikita Borisov, Ian Goldberg, Eric A. Brewer
Comments (0)