From: Eli Brandt <eli@UX3.SP.CS.CMU.EDU>
To: cypherpunks@toad.com
Message Hash: 93298140c56dfe9cb34e159e8e7c700f9e4d17a174c40f4690a1ffb868e547a3
Message ID: <9510092306.AA04357@toad.com>
Reply To: <199510092038.NAA09612@jobe.shell.portal.com>
UTC Datetime: 1995-10-09 23:07:03 UTC
Raw Date: Mon, 9 Oct 95 16:07:03 PDT
From: Eli Brandt <eli@UX3.SP.CS.CMU.EDU>
Date: Mon, 9 Oct 95 16:07:03 PDT
To: cypherpunks@toad.com
Subject: Re: Certificate proposal
In-Reply-To: <199510092038.NAA09612@jobe.shell.portal.com>
Message-ID: <9510092306.AA04357@toad.com>
MIME-Version: 1.0
Content-Type: text/plain
Hal said:
> Try to think of it not in relativistic or epistemological terms, but
> rather look at it in terms of reality. The real world exists, and in it
> exist real people. We can agree on this much, right? Two of these
> people want to communicate securely. That is not such a stretch of the
> imagination, is it? By "communicate securely" I mean they exchange
> information in such a way that other people don't receive it.
If the devil runs the entire network, Alice and Bob are out of luck.
They can't absolutely guarantee that this is not the case.
But as you point out, it is useless to say, "This key lets you talk
securely to Alice and anyone else who may be listening." This
hard-codes your paranoid fantasies into the semantics of the system.
Overestimating the threat can result in bad decisions just as
underestimating can. I've seen people on Usenet say, "The NSA can
break anything, so why bother with PGP?"
What we want is for two parties, presumed trustworthy, to be able to
communicate with some confidence that they are not being eavesdropped
upon by any opponent with realistic capabilities. This is feasible.
This is a useful thing to be able to do. Defining the problem away is
less useful.
I could say more, but I'm not certain I really understand this whole
conversation, so I'll hold off for now.
--
Eli Brandt
eli+@cs.cmu.edu
Return to October 1995
Return to “tcmay@got.net (Timothy C. May)”