Off The Record communications

The title of the paper has a byline: “Why Not To Use PGP”. Sometimes, private back channel conversations are best when

• - They are confidential and kept private between the participants – so the messages should be encrypted in transit
• - The parties must be clearly authenticated / identified so you know who you’re talking to
• - They offer repudiation: the conversation must remain unverifiable to third parties, where conventional encryption would identify and verify who said what (and when), if keys were to be compromised or broken.

PFS (perfect forward secrecy) is desirable in these use cases since “compromise of long-term keys does not compromise past session keys”. From the article, “If forward secrecy is used, encrypted communications and sessions recorded in the past cannot be retrieved and decrypted should long-term secret keys or passwords be compromised in the future, even if the adversary actively interfered.”

If it is useful to have a verifiable record, use PGP and proper signatures.

If you want to just float an idea privately, say among representatives of nations with externally antagonistic views, or peace talks among parties in the Middle East, “just us girls talking”, OTR protocols can be great ways to explore options without being held to previous statements. OTR conversations allow participants to more freely speculate about a wide range of options, which is very much in the nature of human conversation that is not formally recorded.

Preliminary conversations relating to merger and acquisitions, or collaborations, might be helped by a properly implemented "off the record" conversation. Until the concept gains general understanding and acceptance, however, it seems unlikely that such benefits will become widely used.

Separately, Forward Anonymity has a different emphasis and objective, in that the identities of the participants should not be discoverable after the fact.