From: Hal <hfinney@shell.portal.com>
To: cypherpunks@toad.com
Message Hash: 5b1eba5e618fcc08ddce1484efbaaca0a25c2927c81a3e3256ed44902a18e340
Message ID: <199510092316.QAA09588@jobe.shell.portal.com>
Reply To: <21628.9510092240@exe.dcs.exeter.ac.uk>
UTC Datetime: 1995-10-09 23:17:41 UTC
Raw Date: Mon, 9 Oct 95 16:17:41 PDT
From: Hal <hfinney@shell.portal.com>
Date: Mon, 9 Oct 95 16:17:41 PDT
To: cypherpunks@toad.com
Subject: Re: Certificate proposal
In-Reply-To: <21628.9510092240@exe.dcs.exeter.ac.uk>
Message-ID: <199510092316.QAA09588@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain
It occurs to me that perhaps I have been missing a point here when people
argue that having a "man in the middle" is not that different from
various forms of secure communication, such as where Bob has multiple
personalities or is a committee. I have been taking this to mean that we
should therefore not worry about MITM attacks, which seems crazy to me.
Instead perhaps this was meant as a "reductio ad absurdum" argument for
why MITM attacks cannot be prevented in the scenario where people have no
out-of-band contact. Anything which could detect and prevent MITM
attacks could, by this analogy, detect whether Bob had multiple
personalities. Since the latter is obviously impossible, the former must
be as well. Hence the problem has no solution and we should not
waste much time on it.
I don't fully agree with this but at least it is not as bizarre as the
first interpretation.
Hal
Return to October 1995
Return to “tcmay@got.net (Timothy C. May)”