1995-10-11 - Re: MITM garbage

Header Data

From: Scott Brickner <sjb@universe.digex.net>
To: don@cs.byu.edu
Message Hash: 0df0d5d2a911cb8bbd4dcdc1836833c7acf45b8943b4bbe2f80cf771af6efbcb
Message ID: <199510111901.PAA15377@universe.digex.net>
Reply To: <199510110408.WAA00256@wero.byu.edu>
UTC Datetime: 1995-10-11 19:01:42 UTC
Raw Date: Wed, 11 Oct 95 12:01:42 PDT

Raw message

From: Scott Brickner <sjb@universe.digex.net>
Date: Wed, 11 Oct 95 12:01:42 PDT
To: don@cs.byu.edu
Subject: Re: MITM garbage
In-Reply-To: <199510110408.WAA00256@wero.byu.edu>
Message-ID: <199510111901.PAA15377@universe.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


don@cs.byu.edu writes:
>So, if you ask me, none of _those_ methods are very trustworthy considering
>the resources you have to have already assigned to Mitch - after all, 
>keeping a 24 hour Medussawatch on you and your whole ISP is tough work. 
>Going _through_ Mitch is not easy.

I agree.  The whole of the post to which you responded was directed to
the point that MITM is virtually impossible in the real world.  Since
as little as one successful communication can reveal his presence,
Mitch must cover *all* avenues his victims may use.

>>The chance of failure is minimized by diversity in the channels used to
>>try to bypass the MITM. 
>
>I agree-On the other hand, it's not terribly difficult to go _around_
>Mitch.  I mean, just how many of the following things has Mitch done:
>Watch all the ISP's in town and all the phone lines you can use to call
>them.  Filter your work/school ISPs. Filter all your net-using neighbors,
>co-workers, and friends' accounts. etc. All it takes is to get one
>non-Mitch public key. 

Once again.  That's what I said.  "Going around Mitch" is another way
of saying "using (yet) another channel", one which you haven't tried
before, meaning more diversity in the channels.

>>you can't afford a failure, you *do* need a channel over which you have
>>nearly complete control.  The simplest such channel is a physical
>>meeting, during which you exchange public keys.  If the MITM threat is
>
>How do you know you're not giving your key to Mitch. And how do you know
>that Mitch isn't headed over to Alice's later on to pretend to be you and 
>give Alice "your" key?

This goes back to the issue of why you care about the identity of the
key owner.  Presumably you have some knowledge of Alice which may be
verified by physical presence, or Alice carries some credentials which
are sufficiently difficult to forge.  Barring something like this,
though, you *can't* know whether there's a MITM --- but barring prior
knowledge of Alice, you don't care who's behind the key.





Thread