From: m5@dev.tivoli.com (Mike McNally)
To: Hal <hfinney@shell.portal.com>
Message Hash: bc18f1729e7cbc896f8902442b8b890db9d2e59d17706731ca7594be33553ef3
Message ID: <9510092114.AA24726@alpha>
Reply To: <199510091926.MAA08047@infinity.c2.org>
UTC Datetime: 1995-10-09 21:15:11 UTC
Raw Date: Mon, 9 Oct 95 14:15:11 PDT
Subject: Re: Certificate proposal

hfinney@shell.portal.com writes:
> >just alice. From Bob's perspective, Alice is really an alias for
> >ISP+Alice. (The same goes for Alice in the other direction.)
>
> What difference does it make? I'll tell you. It means that their
> conversation is not private! It means that their cryptography is
> useless, that it has failed.

But if by all means available Bob and Alice satisfy themselves that
their conversation *is* secure, then (until they're proven wrong) it
might as well be. They have satisfied themselves *at least* that
their messages are in fact encrypted at some point, just as if they
walked into a room, looked around, and satisfied themselves that there
are no hidden microphones. I don't see how you can ever do any better
than this if you're willing to imagine arbitrarily powerful
men-in-the-middle.

> This is not a useful or appropriate way to think of the world, IMO. If
> you do this, then from your perspective people become bafflingly
> unreliable. I wrote all about this before.

Gee, in my reality people already *are* bafflingly unreliable. (You
must not be watching enough afternoon trash talk shows.)

> Try to think of it not in relativistic or epistemological terms, but
> rather look at it in terms of reality. The real world exists, and in it
> exist real people. We can agree on this much, right? Two of these
> people want to communicate securely. That is not such a stretch of the
> imagination, is it? By "communicate securely" I mean they exchange
> information in such a way that other people don't receive it.

What, however, is the real difference between the MITM scenario in a
purely electronic relationship, and a "phony personality in the
middle" attack on a "flesh" relationship? You *think* you're working
with a realtor to buy a house, but in fact it's a con artist that
betrays your trust and rips you off. You *think* you've found the
love of your life, but in reality it's just somebody who wants to use
you for sex. There are no guarantees.

Let me ask this: how do you *guarantee* that you're having a truly
private in-the-flesh correspondence with a person? And, having done
that, how do you *guarantee* that the other person will behave in an
absolutely trustworthy fashion?

> Now surely it is clear that with this definition of the problem,
> approaches which redefine people to mean people+eavesdroppers are not
> responsive. Perhaps the motivation to do so is simply the belief that
> the problem is not solvable as stated. If so, I'd like to hear someone
> say this.

I certainly don't know how to solve it, but I wouldn't trust me if I
were you :-)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Nobody's going to listen to you if you just | Mike McNally (m5@tivoli.com) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~