1995-10-09 - Re: subjective names and MITM

Header Data

From: Hal <hfinney@shell.portal.com>
To: cypherpunks@toad.com
Message Hash: 2a94944e72ac0cc3c442f9795b333fc61180d74228e8e069a272b974c3561432
Message ID: <199510091554.IAA20941@jobe.shell.portal.com>
Reply To: <Pine.SUN.3.91.951008185136.29595B-100000@rwd.goucher.edu>
UTC Datetime: 1995-10-09 15:55:40 UTC
Raw Date: Mon, 9 Oct 95 08:55:40 PDT

Raw message

From: Hal <hfinney@shell.portal.com>
Date: Mon, 9 Oct 95 08:55:40 PDT
To: cypherpunks@toad.com
Subject: Re: subjective names and MITM
In-Reply-To: <Pine.SUN.3.91.951008185136.29595B-100000@rwd.goucher.edu>
Message-ID: <199510091554.IAA20941@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


Jon Lasser <jlasser@rwd.goucher.edu> writes:
>I think Hal and some other Cypherpunks (Me, You, Carl, etc.) are not 
>proceeding from one of the same assumptions.  Specifically, Hal seems to 
>be proceeding from the assumption that the person "on the other end of 
>the line" is in fact a known physical entity who has a meat reputation 
>tied to the name.  I'm proceeding from the assumption that the person on 
>the other end of the line has no specific RL reputation that I'm basing 
>the relationship on, just the online one.

>Here's an example:
>There's someone on the list, now, apparently, with the name of "Steven 
>Levy."  Hal assumes that, when communicating with that "Steven Levy," one 
>intends to communicate with the fairly-well-known journalist of that 
>name, and thus  certification of RL identity is important.  I assume 
>that, unless there's a specific reason otherwise, I want to have an 
>intellectual conversation (or financial transaction, etc) that isn't 
>predicated on this being "the" Steven Levy.  In that case, certification 
>of RL identity is irrelevant.

That is not exactly my point.  My concern is avoiding the man in the
middle attack.  One way to do that is to find a certificate from Verisign
saying that this key belongs to Steven Levy, ideally with other
information that I can confirm relates to the on-line personage I wish to
speak to.  Presumably the MITM can't get a certificate for Steven Levy,
unless by coincidence his name actually is Steven Levy, in which case the
other information I mentioned will be helpful as well.

Would you propose just to use an unsigned key that says it is for
Steven Levy?  Or perhaps a key without any name at all that someone
told you was for him?  That is the policy which I have been arguing
against.  The whole idea of communicating with keys, or not having key
certificates or signatures, seems to me to leave open the possibility
of man in the middle attacks.  Isn't this a problem?  Or are the
difficulties of mounting a MITM attack considered so large that they can be
neglected?  I would just like to hear exactly what are the assumptions
being made regarding this problem by those who oppose certificates.

Hal





Thread