From: m5@dev.tivoli.com (Mike McNally)
To: Hal <hfinney@shell.portal.com>
Message Hash: 64fa751cb785bad0f9d017aa8b4599b312cadfea6664d98ca8908e98438321b3
Message ID: <9510061236.AA25892@alpha>
Reply To: <Pine.SUN.3.91.951005111048.24409B-100000@eskimo.com>
UTC Datetime: 1995-10-06 12:37:29 UTC
Raw Date: Fri, 6 Oct 95 05:37:29 PDT
From: m5@dev.tivoli.com (Mike McNally)
Date: Fri, 6 Oct 95 05:37:29 PDT
To: Hal <hfinney@shell.portal.com>
Subject: Re: subjective names and MITM
In-Reply-To: <Pine.SUN.3.91.951005111048.24409B-100000@eskimo.com>
Message-ID: <9510061236.AA25892@alpha>
MIME-Version: 1.0
Content-Type: text/plain
hfinney@shell.portal.com writes:
> There is a difference between a MITM and the case you describe where you
> are actually communicating securely with the person you think you are,
> but he chooses to relay the messages around.
Seems to me that the idea of "communicating with the person you think
you are" is intractably difficult if you're not sitting in the same
room. If you accept instead the idea of "communicating with the
entity possessing the private half of a keypair" then life gets a lot
simpler.
> The difference is that if
> you are actually communicating securely with an individual, you can form
> some estimate of his personality, judgement, etc. You may choose on this
> basis to trust him, provide sensitve information, take risks, and so on.
> But if he is actually behind a MITM then all bets are off.
I don't see why. If, via some MITM (or "EITM", "Entity In The
Middle") you are able to form a trust relationship with a public key,
then I can see no practical difference. Consider a dating advice
service that's behind a public key. You send it dozens of letters,
and soon come to trust the advice being given. By whatever means at
your disposal you look for leaks of information you divulge and find
none, so your trust increases. If the private key is held by an AI
program, by a team of learned specialists at a shadowy Swedish
research institute, or by Rush Limbaugh, then what difference does it
make to you?
> All of your judgement about him is irrelevant. At any time the
> MITM can take advantage of the information you provide. He can
> even "blow his cover" and take extreme action, to your detriment.
But then so can the "real person" you thought you were communicating
with.
> This situation with the MITM is actually about the same as if you were
> communicating insecurely in the first place. You are exposed to all of
> the same risks.
The only way to achieve the level of security offered by physical face
to face communication with a person is to have a physical face to face
conversation at some point. If you only ever communicate via
electronic means, you are always subject to the risk of dealing with a
synthetic entity. (I think.)
> So if you are willing to accept communicating systems that allow this
> kind of attack, you almost might as well not use cryptography at all.
> (Not quite, because the MITM is a more expensive attack to mount than one
> on an unsecured wire.)
That's not clear. I can have confidence when using a PK scheme that I
am at least communicating securely with the entity that holds the
private key. That that entity may be leaking information through
alternate channels is something I don't know; I don't see how you can
securely defend against that in any case, or perhaps I don't see how
defending against it in the case that you think you know who you're
dealing with is any different than defending against it if you accept
that you don't know who you're dealing with.
(I've read over that a couple times, and I think it's OK.)
> In fact, I can facetiously prove that cryptography is unnecessary. We
> are not communicating with individuals, but with communicatees.
Works for me. (Indeed, Hal, I have no idea who or what your are :-)
> All of your messages are by definition going to the communicatee
> with whom you are communicating. If the particular communicatee
> who is receiving your message chooses to relay it or spread the
> information around in other ways, that is the right and privilege
> of the communicatee. But messages are going to the communicatee
> they are going to, whether encryption is used or not. So
> encryption is not necessary.
Ah, but that last point is clearly *not* true. When you encrypt, you
at least have some assurance that between you and the communicatee
there's security. If (unfortunately) the "comminicatee" is a
conspiracy that begins at the CO where your home phone lines
terminate, then indeed you've got a problem.
> This argument seems to mirror the one for why we only communicate with
> keys, that if a key wants to do something nasty we can't stop it (him?),
> etc. I say, we don't communicate with keys. We communicate with people
> (or occasionally programs).
But how do you know? (How do you know there aren't a team of people
standing beside me advising me on what to type?) And note that you
can hardly keep me from doing something nasty: to prove it, I'm going
to get up right now and fetch my favorite beverage, which is a 6oz can
of cranberry juice mixed with a 12oz can of Diet Coke :-)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Nobody's going to listen to you if you just | Mike McNally (m5@tivoli.com) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Return to October 1995
Return to “Wei Dai <weidai@eskimo.com>”