From: Adam Shostack <adam@homeport.org>
To: smart@mel.dit.csiro.au (Bob Smart)
Message Hash: 328c56a076e4fa09577886436edc40146a8ea9c7c31d55c2edb501f43af24f5f
Message ID: <199510101422.KAA03235@homeport.org>
Reply To: <199510100002.AA01774@shark.mel.dit.csiro.au>
UTC Datetime: 1995-10-10 14:20:09 UTC
Raw Date: Tue, 10 Oct 95 07:20:09 PDT
From: Adam Shostack <adam@homeport.org>
Date: Tue, 10 Oct 95 07:20:09 PDT
To: smart@mel.dit.csiro.au (Bob Smart)
Subject: Re: Certificate proposal
In-Reply-To: <199510100002.AA01774@shark.mel.dit.csiro.au>
Message-ID: <199510101422.KAA03235@homeport.org>
MIME-Version: 1.0
Content-Type: text
"Never underestimate the effort your opponent will expend on
cryptanalysis." -- Robert Morris, Sr., speaking at Crypto '95
If a MITM attack would be useful, then there will be times
when one will be mounted. It might take 30 law enforcement officers
to do it, but it has been demonstrated that the FBI will use that many
people for a year or more on some cases. The CIA and NSA can be
presumed to be willing to spend more time and effort to get certain
results.
Bob Smart wrote:
| Exactly. If a public key ONLY has an existence in cyberspace (as per
| Pr0duct Cipher) then it is impossible to prove that they aren't
| surrounded by a MITM cloud which is also seeing everything they
| see without them knowing it.
|
| It is important to be aware of this. However the importance is
| perhaps mitigated by the following considerations:
|
| 1. Surrounding someone with such an MITM cloud is so hard as to
| be impossible for practical purposes. This will be more true
| if the person trying to establish a cyberspace identity can
| prove that they move around physically and use different service
| providers at different times [but then again perhaps if you
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
Return to October 1995
Return to “tcmay@got.net (Timothy C. May)”