From: sameer <sameer@c2.org>
To: hfinney@shell.portal.com (Hal)
Message Hash: 15fc5691d9a92cd701ed2e0a49867429a5dccc9b2f1ca68b10d13efc739e9329
Message ID: <199510091926.MAA08047@infinity.c2.org>
Reply To: <199510091903.MAA22499@jobe.shell.portal.com>
UTC Datetime: 1995-10-09 19:31:33 UTC
Raw Date: Mon, 9 Oct 95 12:31:33 PDT
Subject: Re: Certificate proposal
In the situation you cite, Bob doesn't know Alice apart from
their email correspondence?

In this case the ISP is acting as extension-of-Alice. Bob
thinks he is talking to Alice but he is talking to ISP+Alice. What
difference does it make, if Bob has no knowledge of Alice outside
their email discussion, that Bob is talking to ISP+Alice rather than
just Alice? From Bob's perspective, Alice is really an alias for
ISP+Alice. (The same goes for Alice in the other direction.)

In Tim's words, from Alice's point of view "Bob the key" ==
"BOB the person and Bob's ISP". From Bob's point of view "Alice the
key" == "Alice the person & Bob's ISP".

The MITM attack only matters if there is a context outside the
email correspondence. (Say, perhaps, a drug deal which involves real
physical goods.)

More concretely, all I know of 'Hal' is through his emails. If
his ISP is intercepting the email between him and me, then my
definition of 'Hal' is 'Hal+ISP' -- it doesn't make a real difference
unless there is another context involved.

(The MITM is still -important- though, because in most
situations there *is* some external context.)
>
> tcmay@got.net (Timothy C. May) writes:
> >For communication, the only credential Alice needs to ensure that only Bob
> >can read her message is that she uses Bob's public key. If "Bob the Key"
> >reads it, presumably it was "Bob the Person" who read it.
>
> >(Again, Bob the Key = Bob the Person to many of us. If Bob the Person has
> >let his private key out, so that Chuck the Person is also able to read the
> >Bob the Key stuff, etc., then of course cryptography cannot really handle
> >this situation.)
>
> OK, but again, what about the man in the middle attack? Suppose the
> key that you found that claims to be from Bob is actually not his, but
> another one created by a man in the middle, such as Bob's malicious
> ISP? Then that ISP is decrypting the messages Alice sends to him using
> that fake key, and re-encrypting them using Bob's real key. He is
> reading all of the messages, and Alice and Bob do not in fact have
> communications privacy.
>
> I don't want to overstate the risk of this attack. It would not be an
> easy one to mount and I believe there are countermeasures which could
> detect it unless the MITM had nearly supernatural powers. But the MITM
> attack is normally considered seriously in discussing crypto protocols.
> It is a well known weakness in Diffie-Hellman, for example. That is why
> authenticated Diffie Hellman is used in some of the newly proposed key
> exchange protocols for IP. The risks of MITM attacks on public key
> systems were recognized not long after those systems were proposed. The
> problems with fake keys have been discussed for over a decade.
>
> Why is this all suddenly irrelevant? Were these attacks never realistic?
> Is it just not a problem somehow? I am baffled by the fact that people
> are just turning their backs on all these years of research and
> experience. If this is some kind of paradigm shift in which the idea of
> communicating with keys is seen as the key to the puzzle, then I am
> afraid I don't share the enlightenment. To me the problem seems as real
> as ever.
>
> Hal
>
--
sameer Voice: 510-601-9777
Community ConneXion FAX: 510-601-9734
The Internet Privacy Provider Dialin: 510-658-6376
http://www.c2.org (or login as "guest") sameer@c2.org
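
Added example, not part of the original message or written by anyone in the thread: a toy unauthenticated Diffie-Hellman exchange (the case Hal cites) in which a relay's key substitution is invisible in-band but shows up as soon as both ends compare a fingerprint over an outside channel, the "external context" discussed above. The group parameters, function names and fingerprint format are assumptions chosen for illustration.

```python
import hashlib
import secrets

# Toy group, constructed for illustration only (far too small for real use).
P = 2**127 - 1   # Mersenne prime M127
G = 3

def keypair():
    """Return (private exponent, public value G^x mod P)."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def fingerprint(alice_pub, bob_pub):
    """Short digest over both public values in a fixed (Alice, Bob) order."""
    data = f"{alice_pub:x}|{bob_pub:x}".encode()
    return hashlib.sha256(data).hexdigest()[:16]

def session_key(priv, peer_pub):
    """Derive a session key from the shared secret peer_pub^priv mod P."""
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).hexdigest()

def exchange(relay_substitutes):
    """Run one exchange through a relay (the ISP in the thread).

    Returns the fingerprint each end would read out over an independent
    channel, and whether the two ends hold the same session key.
    """
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    if relay_substitutes:
        # The relay hands each side a value of its own instead of the peer's.
        _, seen_by_alice = keypair()
        _, seen_by_bob = keypair()
    else:
        seen_by_alice, seen_by_bob = b_pub, a_pub
    # Each end fingerprints its own value plus what it received as the peer's.
    alice_fp = fingerprint(a_pub, seen_by_alice)
    bob_fp = fingerprint(seen_by_bob, b_pub)
    # Neither end can observe this in-band: a relay that re-encrypts
    # keeps the conversation working even though the keys differ.
    keys_agree = session_key(a_priv, seen_by_alice) == session_key(b_priv, seen_by_bob)
    return alice_fp, bob_fp, keys_agree
```

If Alice and Bob have no channel other than the relayed one, the fingerprint comparison itself passes through the relay and proves nothing, which is the situation the message describes.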