[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: MITM attacks and True Names (again...)


At 07:02 PM 10/6/95 -0600, [email protected] wrote:
>(As an aside I fully sympathize with those who rail against the popular
>(?) impression that a True Name is somehow necessary to communication.
>That is a dangerous idea, since all a True Name is really necessary for
>is violence.  (And, pending certain eagerly-awaited technological
>developments, for sex.))

That's incorrect - it can also be necessary for _avoiding_ violence.
You don't need a full True Name for that, but you do need an accurate
partition of the namespace into those entities who will, won't, or might
come and beat you up based on what you say.  Thus, if you're talking to
Subcommandante Marcos about your plans for overthrowing the governor,
you don't need to know his True Name, but you do need to know if he's a cop;
anybody doing a successful MITM job on your data communications probably is.

Similarly, if you're in the pharmaceutical retail business and talking to
your wholesaler, you may even want to avoid knowing his True Name, but you
not only want to know if he's a cop, but you may want to know whether,
if you show up at the appointed physical location with your physical body,
you'll be met by just him (with his merchandise), or by other people as well
(eavesdroppers using MITM because it's easier than cracking crypto),
or by one of his or your competitors trying to rip you off.
(You'd also like to know if you'll be met by him without his merchandise,
but with his big ugly friends, which is why you plan to meet him in a 
public place...)

Version: 2.7.1
Comment: PGP available outside U.S.A. at ftp.ox.ac.uk

#                                       Thanks;  Bill
# Bill Stewart, Freelance Information Architect, [email protected]
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281