Re: Talking to strangers (was: Crypto Regulation Reform)

[mgream@acacia.itd.uts.edu.au (Matthew Gream)]

Earlier, Robert Cain wrote:

> We shall see.  I contend that with this I can establish a spoof-proof
> point to point with a total stranger to any desired probability that
> a spoof could not be there without disclosing him/her.  It is not hard
> for me to envision, especially in business situations, how such a
> thing would be more than useful.

If I understand you correctly, your asserting that without _any_ prior
knowledge of the person you are communicating to, and without any form
of online checks before or during your authentication mechanism, that
you can be _sure_ you're talking to said stranger ? 

Unless there are other presumptions, I fail to see how you can be sure 
you are communicating to someone, when you don't know who they are. 
Even if you can get something akin to a pgp key with an identifier and 
be sure you are taking to the owner of _that_ identifier, but you can't 
be sure that identifier is real and/or not a forgery.

Given those circumstances, wouldn't a man in the middle relay attack be
a piece of cake ? 

Matthew.
-- 
Matthew Gream. ph: (02)-821-2043. M.Gream@uts.edu.au.
PGPMail and brown paperbags accepted.