1992-12-01 - Re: Secure key exchange

Header Data

From: karn@qualcomm.com (Phil Karn)
To: pmetzger@shearson.com
Message Hash: 27417d85bdb0b8b4a48aee8660ed7668ffaf46aabd5697f3590118a37bc8921e
Message ID: <9212011027.AA25256@servo>
Reply To: N/A
UTC Datetime: 1992-12-01 10:28:08 UTC
Raw Date: Tue, 1 Dec 92 02:28:08 PST

Raw message

From: karn@qualcomm.com (Phil Karn)
Date: Tue, 1 Dec 92 02:28:08 PST
To: pmetzger@shearson.com
Subject: Re:  Secure key exchange
Message-ID: <9212011027.AA25256@servo>
MIME-Version: 1.0
Content-Type: text/plain


>Just to point out, though, this is not foolproof. A good impressionist
>can fool people, especially if they are extremely skilled.

Perhaps. But if it's someone you know well, the imposter may have a
hard time passing that particular Turing Test. For example, Jeff
Schiller called me the other night, nominally to compare our RSA
public keys before signing, but we ended up chewing the fat for nearly
an hour.  It would be hard for an imposter to duplicate that feat
without arousing my suspicion.

Another (somewhat more likely) possibility is that the NSA or FBI
might be holding a gun to the guy's head when you call him up to
verify the key you got with his name on it. Perhaps we need "duress"
hash codes. :-)

Phil





Thread