[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: MITM attacks and True Names (again...)



One of the reasons people don't like solutions based on True Names is
because nyms don't have them.  Pr0duct Cypher can't very well go to
someone, show a drivers license, and get his key signed.

There is still a way in which signed, true-name-based keys can be useful
to nyms.  Maybe they can't get their own keys signed in this mode, but
they can check the keys of others.

If Pr0duct Cypher, under his secret identity, goes out and gets valid
keys that he can trust (maybe he sees Verisign's key fingerprint in the
newspaper), then if I send him my key signed by someone he trusts, he
can check the signature.  He can then send data to me encrypted with my
actual key, and the MITM can't do anything about it.  So the presence
of my True Name based key allows us to communicate securely.

This doesn't help for the case of two nyms who want to communicate,
though.  For that we do need a mode in which nyms can get their keys
signed.  I do think that there are some situations in which that is
plausible, based on the difficulty of mounting a MITM attack against
someone who is determined to try to detect it.  In the most extreme case
the MITM has to simulate the whole outside world with respect to the
person he is targetting, which is infeasible.  Various tricks like
sending hashes of future messages have been discussed; the MITM can't let
these through since the future message may include the true key that he
is hiding.  If people are then supposed to reply to these hashes, all of
the replies have to be simulated by the MITM.  Eventually it seems that
the MITM becomes enmeshed so deeply in his own lies that he would get
caught.  If steps like these are taken successfully it should be
reasonable to sign a nym's key, with the semantics being that either this
is the real key of the sender, or he has a nearly omnipotent MITM
surrounding him.

Hal