1995-10-09 - Re: Certificate proposal

Header Data

From: m5@dev.tivoli.com (Mike McNally)
To: aba@atlas.ex.ac.uk
Message Hash: f4033feea6b4d163ed63e8f4c4106f3e1f3ebfd48e4e9c74f7397aa48726a200
Message ID: <9510092311.AA27677@alpha>
Reply To: <9510092114.AA24726@alpha>
UTC Datetime: 1995-10-09 23:11:29 UTC
Raw Date: Mon, 9 Oct 95 16:11:29 PDT

Raw message

From: m5@dev.tivoli.com (Mike McNally)
Date: Mon, 9 Oct 95 16:11:29 PDT
To: aba@atlas.ex.ac.uk
Subject: Re: Certificate proposal
In-Reply-To: <9510092114.AA24726@alpha>
Message-ID: <9510092311.AA27677@alpha>
MIME-Version: 1.0
Content-Type: text/plain



aba@atlas.ex.ac.uk writes:
 > Now the puzzling stuff is people who appear to be arguing that MITM is
 > unimportant

Hal said this same thing in a recent note.  For myself, I've never
meant to argue that the MITM threat is unimportant.  I've simply
contended that you're no more vulnerable to it in the key-as-True-Name
scenario than with a certificate-bound key-to-name relationship
system.  If you assume an MITM could thwart the establishment of trust
in the first case, then I guess I posit that the same energies could
with equivalent hope for success be directed in an attack on a more
"traditional" certificate scheme.

 > Perhaps the view is based on the fact that there are plenty of
 > situations where you don't care what an entities name is, and hence
 > the attribute which should be under discussion is credit worthiness,
 > or reliability, but still you need to protect against MITM, using
 > whatever channels and means available.  I don't see how this alters
 > the argument.

And this is where I start to think we're all in agreement even though
there's an argument going on!  Yes, I think you need to protect
against MITM attacks by whatever means are available.  I think that no
matter what you do, if you're strictly relying on communications
systems over which you ultimately have no control (if at some point
somebody you simply have to trust on faith inevitably gets his hands
on your bits), then you have to put up with a non-zero probability of
being victimized by a MITM attack.  If you're willing on blind faith
to trust certificates granted by some authority, you're fooling
yourself (I claim).  If you only trust that authority because it fits
into an established web, then I don't see why there's any need for a
certificate binding a public key to some "True Name" constant; what's
the point?  (How do you know the alleged True Name has any meaning in
the first place?)

I also posit that this is not really any different than the problems
of social interaction homo sapiens have been dealing with ever since
they grunted their way into cooperative tribal life.


[ I kinda wish somebody with more of a clue than I have would support
me or tell me to shut up :-]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Nobody's going to listen to you if you just | Mike McNally (m5@tivoli.com) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX    |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




Thread