From: m5@dev.tivoli.com (Mike McNally)
Date: Tue, 10 Oct 95 05:58:25 PDT
To: "Don M. Kitchen" <don@cs.byu.edu>
Subject: Re: Certificate proposal
In-Reply-To: <9510091715.AA27991@alpha>
Message-ID: <9510101258.AA28275@alpha>
MIME-Version: 1.0
Content-Type: text/plain



Don M. Kitchen writes:
 > >  If we are forced to exchange keys remotely, then perhaps some sort of
 > >  "proof" techniques could be used to establish to some level of
 > >  assurance that the remote entity I *think* is you is really you.  Or
 > 
 > So who is Pr0duct Cypher then? And why should I have to produce ID saying 
 > my name is Don, unless I'm proving my Real Name[tm] is Don.

Right.  If we're forced to exchange keys remotely, I just have to deal
with the possibility that I'm being spoofed.

 > >  you could provide me with a key, and then I could poll a list of
 > >  references to inquire as to the "goodness" of the key.  This seems to
 > 
 > But there's no way to prove that there's no MITM. But "middle" is a
 > subjective term.

Yes, that's why I put "proof" in quotes.  I guess I meant "demonstrate
to a personally sufficient level of satisfaction".

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Nobody's going to listen to you if you just | Mike McNally (m5@tivoli.com) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX    |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~