From: Scott Brickner <sjb@universe.digex.net>
Date: Mon, 9 Oct 95 16:03:45 PDT
To: Hal <hfinney@shell.portal.com>
Subject: Re: Certificate proposal
In-Reply-To: <199510092038.NAA09612@jobe.shell.portal.com>
Message-ID: <199510092303.TAA24560@universe.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


Hal writes:
>Try to think of it not in relativistic or epistemological terms, but
>rather look at it in terms of reality.  The real world exists, and in it
>exist real people.  We can agree on this much, right?  Two of these
>people want to communicate securely.  That is not such a stretch of the
>imagination, is it?  By "communicate securely" I mean they exchange
>information in such a way that other people don't receive it.

>Now surely it is clear that with this definition of the problem,
>approaches which redefine people to mean people+eavesdroppers are not
>responsive.  Perhaps the motivation to do so is simply the belief that
>the problem is not solvable as stated.  If so, I'd like to hear someone
>say this.

This whole issue is a philosophical one.  The issue is the "ontology"
of electronic relationships.  The argument presented is analogous to
the "Turing test" for artificial intelligence.  The MITM is relevant
only where two commuicating parties share no channels which the MITM
doesn't control, otherwise they exchange one secret over such a channel
and Mitch is hosed (with probability 1/2^h, where h is the entropy of
the secret).

Now, if Alice communicates with an entity she knows as "Bob", which in
"reality" is Bob filtered by Mitch, I think we can readily agree that
Alice probably cannot communicate securely with Bob.  She *can*,
however, communicate in perfect secrecy with "Bob" -- the amalgamation
of Bob and Mitch.  The ontological issue comes about when we ask who it
is with whom Alice *wants* to communicate.  I'd maintain that Bob has
no ontological status with Alice.  She knows nothing of Bob, only of
"Bob".  Therefore, she must be intending to communicate with "Bob", and
her communication is secure.

An entity cannot have a meaningful ontological status until some
communication occurs.  The status which results from the communication
is "the entity, calling itself Bob, with whom I communicated over
channel X".  When a second communication occurs, we may have "the
entity, calling itself Bob, with whom I communicated over channel Y".
If the second communication contains an authenticating transaction,
then we can note that the two entities are the same.  This is what we
really mean by authentication, anyway.

As long as Mitch is successful in his MITM attack, then Bob is not an
entity with respect to Alice.

If Alice finds a key that purports to belong to Bob, about whom she
previously knows nothing, what possible relevance can it have whether
it really belongs to Bob or to "Bob" --- there is nothing in Alice's
mind to distinguish the two.

If Alice finds a key that purports to belong to Carol, about whom she
knows something, then she must execute an authentication protocol with
the new key to verify that the entity with whom it permits
communication is actually Carol, and not "Carol".

Identifying the key with the person is entirely reasonable, if the key
is what introduced the person to you (and thus ontologically created
the entity).  If the introduction happens prior to receiving the key,
then authentication becomes necessary to avoid MITM.