1995-10-10 - Re: Certificate proposal

Header Data

From: "Don M. Kitchen" <don@cs.byu.edu>
To: cypherpunks@toad.com
Message Hash: 43b33b1972d6b1449d4cde4eee3af40038835c17d27648408cd652c1a5fc5811
Message ID: <ML-1.3.1.813289477.5758.don@coconut.cs.byu.edu>
Reply To: <9510091715.AA27991@alpha>
UTC Datetime: 1995-10-10 02:33:40 UTC
Raw Date: Mon, 9 Oct 95 19:33:40 PDT

Raw message

From: "Don M. Kitchen" <don@cs.byu.edu>
Date: Mon, 9 Oct 95 19:33:40 PDT
To: cypherpunks@toad.com
Subject: Re: Certificate proposal
In-Reply-To: <9510091715.AA27991@alpha>
Message-ID: <ML-1.3.1.813289477.5758.don@coconut.cs.byu.edu>
MIME-Version: 1.0
Content-Type: text/plain


>  
>  hfinney@shell.portal.com writes:
>   > I can see using keys with attributes in this way, for credentials or as
>   > other forms of authorization.  But what about for communications privacy?
>   > What is the attribute that tells you that using this key will prevent
>   > eavesdropping?
>  
>  If we exchange keys on a face-to-face basis, then I really don't see
>  much of a MITM threat, unless somehow the MITM has perverted my
>  original key and I for some reason can't figure that out.  Now, as
>  long as you communicate with me via the public key I've handed you, we
>  should be as safe as PKE can make us.

Ah, but you're being sucked in by the True Name game. Suppose the
Medusa in the middle is the one who meets you. What is he/she going
to do, whip out a passport that says "Pr0duct Cypher" across it?

The only way to prevent that is if the nym has a public identity, and
a way to prove a link to that identity. The only reason to meet in
person is to verify a True Name[tm]. If I want people to know that I
trust Pr0duct Cypher, I can encrypt my signature to the PC key with PC's
public key, that I already know is his because that's what he sends out
with his source code. The information is only useful to the holder of
the key, that being PC. I am, though, relying on the MITM to not be
all-powerful. Mitch in the Middle could have intercepted all Pr0duct
Cypher messages and put in his/her own key. As long as the real PC is
unaware of the fake PC, or is unable to raise the alarm, there is NOOO
way of detecting PC having been isolated by Mitch. As I said, what are
you going to ask for, besides something relating to a key published along
with reputation-building material?

>  If we are forced to exchange keys remotely, then perhaps some sort of
>  "proof" techniques could be used to establish to some level of
>  assurance that the remote entity I *think* is you is really you.  Or

So who is Pr0duct Cypher then? And why should I have to produce ID saying
my name is Don, unless I'm proving my Real Name[tm] is Don?

>  you could provide me with a key, and then I could poll a list of
>  references to inquire as to the "goodness" of the key.  This seems to

But there's no way to prove that there's no MITM. But "middle" is a
subjective term. If Mitch has become sophisticated enough to meet
in person with a magic ID, and write cryptocode on the spot, I'm no
longer dealing with Medusa In the Middle, I'm dealing with someone
pretending to agree with me, when really they are opposed to my
beliefs.

>  me to be subtly different than a certificate procedure, because I'm
>  not asking about the goodness of a relationship to the key, but rather
>  about the key itself.
>  
>  Maybe I'm missing something.  What is there to trust in a more
>  "traditional" certificate scheme?
>  

Don





