Your intrepid reporter goes to a private location and meets with a key source who wishes to remain anonymous and off the record. The reporter understands that all information she learns from the source must be validated elsewhere and not directly quoted (private), that the source is who he says he is (authenticated), and that should their conversation become public they could both plausibly deny having said any of the recorded words (repudiable). How do we construct a digital version of an IRL meeting?
Nikita Borisov, Ian Goldberg, and Eric Brewer devise a communication protocol in "Off-the-Record Communication, or Why Not To Use PGP" that provides all of the above-mentioned properties, as well as forward secrecy (breaking the encryption on one message doesn’t give an attacker keys to past or future messages). Wes will review the OTR protocol and its clever collection of strong and purposefully weak cryptographic techniques that form the basis of the Signal private messaging app.