1995-10-10 - Re: Certificate proposal

Header Data

From: sameer <sameer@c2.org>
To: hfinney@shell.portal.com (Hal)
Message Hash: 03f96e517ba9eb21488f43cfa4c08440830992c7e03e6b02ef300ed3f8ef5926
Message ID: <199510092355.QAA29849@infinity.c2.org>
Reply To: <199510092316.QAA09588@jobe.shell.portal.com>
UTC Datetime: 1995-10-10 00:01:03 UTC
Raw Date: Mon, 9 Oct 95 17:01:03 PDT

Raw message

From: sameer <sameer@c2.org>
Date: Mon, 9 Oct 95 17:01:03 PDT
To: hfinney@shell.portal.com (Hal)
Subject: Re: Certificate proposal
In-Reply-To: <199510092316.QAA09588@jobe.shell.portal.com>
Message-ID: <199510092355.QAA29849@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


	I rather figured there was miscommunication here.


> 
> It occurs to me that perhaps I have been missing a point here when people
> argue that having a "man in the middle" is not that different from
> various forms of secure communication, such as where Bob has multiple
> personalities or is a committee.  I have been taking this to mean that we
> should therefore not worry about MITM attacks, which seems crazy to me.
> 
> Instead perhaps this was meant as a "reductio ad absurdum" argument for
> why MITM attacks cannot be prevented in the scenario where people have no
> out-of-band contact.  Anything which could detect and prevent MITM
> attacks could, by this analogy, detect whether Bob had multiple
> personalities.  Since the latter is obviously impossible, the former must
> be as well.  Hence the problem has no solution and we should not
> waste much time on it.


	My point is not that MITM has no solution and that time should
not be wasted but that context (in many cases out-of-band contact, but
not necessarily) is an important factor when dealing with MITM. A
context-free situation is not a very useful thing to look at when
trying to solve MITM -- MITM should be looked at in context-based
situations.

> 
> I don't fully agree with this but at least it is not as bizarre as the
> first interpretation.
> 
> Hal
> 


-- 
sameer						Voice:   510-601-9777
Community ConneXion				FAX:	 510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org (or login as "guest")			sameer@c2.org



