Off-the-record communication, or, why not to use PGP

Nikita Borisov, Ian Goldberg, Eric Brewer

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Quite often on the Internet, cryptography is used to protect private, personal communications. However, most commonly, systems such as PGP are used, which use long-lived encryption keys (subject to compromise) for confidentiality, and digital signatures (which provide strong, and in some jurisdictions, legal, proof of authorship) for authenticity. In this paper, we argue that most social communications online should have just the opposite of the above two properties; namely, they should have perfect forward secrecy and repudiability. We present a protocol for secure online communication, called "off-the-record messaging", which has properties better-suited for casual conversation than do systems like PGP or S/MIME. We also present an implementation of off-the-record messaging as a plugin to the Linux GAIM instant messaging client. Finally, we discuss how to achieve similar privacy for high-latency communications such as email.

Original languageEnglish (US)
Title of host publicationWPES'04
Subtitle of host publicationProceedings of the 2004 ACM Workshop on Privacy in the Electronic Society
EditorsS. Capitani di Vimercati, P. Syverson
Pages77-84
Number of pages8
StatePublished - Dec 1 2004
Externally publishedYes
EventWPES'04: Proceedings of the 2004 ACM Workshop on Privacy in the Electronic Society - Washington, DC, United States
Duration: Oct 28 2004Oct 28 2004

Publication series

NameWPES'04: Proceedings of the 2004 ACM Workshop on Privacy in the Electronic Society

Other

OtherWPES'04: Proceedings of the 2004 ACM Workshop on Privacy in the Electronic Society
CountryUnited States
CityWashington, DC
Period10/28/0410/28/04

Keywords

  • Deniability
  • Perfect Forward Secrecy
  • Private Communication

ASJC Scopus subject areas

  • Engineering(all)

Fingerprint Dive into the research topics of 'Off-the-record communication, or, why not to use PGP'. Together they form a unique fingerprint.

  • Cite this

    Borisov, N., Goldberg, I., & Brewer, E. (2004). Off-the-record communication, or, why not to use PGP. In S. Capitani di Vimercati, & P. Syverson (Eds.), WPES'04: Proceedings of the 2004 ACM Workshop on Privacy in the Electronic Society (pp. 77-84). (WPES'04: Proceedings of the 2004 ACM Workshop on Privacy in the Electronic Society).