1995-10-09 - Re: Certificate proposal

Header Data

From: Hal <hfinney@shell.portal.com>
To: cypherpunks@toad.com
Message Hash: dbe708ced2a197f34d233482623c4573fb30252951eb595aa40196d0234124d8
Message ID: <199510092054.NAA12060@jobe.shell.portal.com>
Reply To: <ac9ea8f3010210049f44@[205.199.118.202]>
UTC Datetime: 1995-10-09 20:55:12 UTC
Raw Date: Mon, 9 Oct 95 13:55:12 PDT

Raw message

From: Hal <hfinney@shell.portal.com>
Date: Mon, 9 Oct 95 13:55:12 PDT
To: cypherpunks@toad.com
Subject: Re: Certificate proposal
In-Reply-To: <ac9ea8f3010210049f44@[205.199.118.202]>
Message-ID: <199510092054.NAA12060@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


m5@dev.tivoli.com (Mike McNally) writes:

>You have several alternative means of verifying the key:

>1) You can meet Bob at a local Pizza Hut and verify the key in person.

>2) You can go through a variety of channels to a variety of other
>trusted entities and verify with them that they're using the same key
>for Bob.

>3) You can set up some sorts of communications tests to "probe" for a
>MITM situation, perhaps by passing through "seeded" information (data
>taggants?).

I will agree that there are alternatives to certificates.  I alluded to
this in the part of my message which you elided below, about defeating
MITM attacks via various techniques.  However, it may not be as easy to
automate these tests as to automate a certificate check, and in
particular the more automated the tests become the more plausible it
would be that the MITM could recognize and defeat a standard test.

> > I don't want to overstate the risk of this attack.  It would not be an
> > easy one to mount ... The risks of MITM attacks on public key
> > systems were recognized not long after those systems were proposed.  The
> > problems with fake keys have been discussed for over a decade.
> >
> > Why is this all suddenly irrelevant?  

>I don't think it is irrelevant, I just think it's orthogonal to the
>issue of whether a certificate for a key<-->entity relationship is
>considered to be the key or an adjunct to the key.  I could be wrong,
>of course.

The POV I am really arguing against is the one that defines identity to
be a key, that states that in communicating with a key you are by
definition communicating with the person you have in mind.  The man in
the middle attack does not exist because from your point of view the
entity at the other end of the communication channel is just the MITM
plus the person you think you are talking to.  This idea has been
expressed many times by other people in this discussion, and it is this
which I think is fundamentally flawed and even dangerous because it
encourages the use of untested keys.  In fact it seems to define away
the question of whether a key is real or fake.

Hal




