[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Certificate proposal

To: Hal <[email protected]>
Subject: Re: Certificate proposal
From: Wei Dai <[email protected]>
Date: Thu, 5 Oct 1995 17:56:17 -0700 (PDT)
Cc: [email protected]
In-Reply-To: <[email protected]>
Sender: [email protected]

Hal wrote:
> The thing to keep in mind is, why do we want certificates?  Why not just
> use unsigned keys?  If I encrypt a message for Carl based on some key I
> found lying around somewhere which someone told me is his, and I send it
> to his mailbox, and I get a reply back, how secure is that?  We all know
> that you don't get the full security of the encryption if you do this.
> Man in the middle attacks might not be easy to do in such a situation but
> they are certainly possible.  It is such attacks that certificates (including
> PGP key signatures) are designed to prevent.

I think Carl's point is that when you write an e-mail to Carl, you 
probably don't care that it reaches the "real" Carl Ellison, because you 
don't have a binding between the name "Carl Ellison" and the physical 
person.  A binding between a name and a key is useless if there is no 
binding between the name and the person.  Since this is the case, why not 
forget about the binding between the name and the key (or turn it into a 
local one as I suggested in the previous post) and go straight to the 
binding between the key and the person?

On the other hand, if you do have a binding between the name and the 
person, then most likely you met Carl at some point in the past and he 
told you his name was Carl Elison.  In that case it would have been just 
as easy for him to give you his public key instead.

Wei Dai

References:
- Re: Certificate proposal
  - From: Hal <[email protected]>

Prev by Date: Re: subjective names and MITM
Next by Date: Re: Rethinking the utility of netnews "cancel" control messages
Prev by thread: Re: Certificate proposal
Next by thread: Re: Certificate proposal
Index(es):
- Date
- Thread