1995-10-06 - Re: subjective names and MITM

Header Data

From: Hal <hfinney@shell.portal.com>
To: cypherpunks@toad.com
Message Hash: 5f32ef1e10d89851fa7ef04273c0138520310643e2e6e7c1faec03d746d36f6e
Message ID: <199510060121.SAA25213@jobe.shell.portal.com>
Reply To: <Pine.SUN.3.91.951005111048.24409B-100000@eskimo.com>
UTC Datetime: 1995-10-06 01:22:27 UTC
Raw Date: Thu, 5 Oct 95 18:22:27 PDT

Raw message

From: Hal <hfinney@shell.portal.com>
Date: Thu, 5 Oct 95 18:22:27 PDT
To: cypherpunks@toad.com
Subject: Re: subjective names and MITM
In-Reply-To: <Pine.SUN.3.91.951005111048.24409B-100000@eskimo.com>
Message-ID: <199510060121.SAA25213@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Wei Dai <weidai@eskimo.com> writes:

>In this scheme, the man-in-the-middle problem goes away because you are 
>no longer trying to communicate with a True Name, whose binding with a 
>key can be spoofed, but rather with the key itself.  If the holder of 
>that key chooses to act as a middle-man by relaying messages around, that 
>is his business, and there is really nothing you can do about it.

Carl Ellison has been arguing a similar point for some time, if I
understand him, which I may not!

The man in the middle problem is a difficult one, but I don't think
you're going to get away with defining the problem out of existence.
There is a difference between a MITM and the case you describe where you
are actually communicating securely with the person you think you are,
but he chooses to relay the messages around.  The difference is that if
you are actually communicating securely with an individual, you can form
some estimate of his personality, judgement, etc.  You may choose on this
basis to trust him, provide sensitve information, take risks, and so on.
But if he is actually behind a MITM then all bets are off.  All of your
judgement about him is irrelevant.  At any time the MITM can take
advantage of the information you provide.  He can even "blow his cover"
and take extreme action, to your detriment.

This situation with the MITM is actually about the same as if you were
communicating insecurely in the first place.  You are exposed to all of
the same risks.
So if you are willing to accept communicating systems that allow this
kind of attack, you almost might as well not use cryptography at all.
(Not quite, because the MITM is a more expensive attack to mount than one
on an unsecured wire.)

In fact, I can facetiously prove that cryptography is unnecessary.  We
are not communicating with individuals, but with communicatees.  All of
your messages are by definition going to the communicatee with whom you
are communicating.  If the particular communicatee who is receiving
your message chooses to relay it or spread the information around in
other ways, that is the right and privilege of the communicatee.  But
messages are going to the communicatee they are going to, whether
encryption is used or not.  So encryption is not necessary.

This argument seems to mirror the one for why we only communicate with
keys, that if a key wants to do something nasty we can't stop it (him?),
etc.  I say, we don't communicate with keys.  We communicate with people
(or occasionally programs).

Hal





Thread