[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Talking to strangers (was: Crypto Regulation Reform)
Earlier, Robert Cain wrote:
> We shall see. I contend that with this I can establish a spoof-proof
> point to point with a total stranger to any desired probability that
> a spoof could not be there without disclosing him/her. It is not hard
> for me to envision, especially in business situations, how such a
> thing would be more than useful.
If I understand you correctly, your asserting that without _any_ prior
knowledge of the person you are communicating to, and without any form
of online checks before or during your authentication mechanism, that
you can be _sure_ you're talking to said stranger ?
Unless there are other presumptions, I fail to see how you can be sure
you are communicating to someone, when you don't know who they are.
Even if you can get something akin to a pgp key with an identifier and
be sure you are taking to the owner of _that_ identifier, but you can't
be sure that identifier is real and/or not a forgery.
Given those circumstances, wouldn't a man in the middle relay attack be
a piece of cake ?
Matthew.
--
Matthew Gream. ph: (02)-821-2043. [email protected].
PGPMail and brown paperbags accepted.