
Re: Certificate proposal

	In the situation you cite, Bob doesn't know Alice apart from
their email correspondence?

	In this case the ISP is acting as extension-of-Alice. Bob
thinks he is talking to Alice but he is talking to ISP+Alice. What
difference does it make, if Bob has no knowledge of Alice outside
their email discussion, that Bob is talking to ISP+Alice rather than
just Alice? From Bob's perspective, Alice is really an alias for
ISP+Alice. (The same goes for Alice in the other direction.)

	In Tim's words, from Alice's point of view "Bob the key" ==
"BOB the person and Bob's ISP". From Bob's point of view "Alice the
key" == "Alice the person & Bob's ISP".

	The MITM attack only matters if there is a context outside the
email correspondence. (Say, perhaps, a drug deal which involves real
physical goods.) 

	More concretely, all I know of 'Hal' is through his emails. If
his ISP is intercepting the email between him and me, then my
definition of 'Hal' is 'Hal+ISP' -- it doesn't make a real difference
unless there is another context involved.

	(The MITM is still -important- though, because in most
situations there *is* some external context.)

> [email protected] (Timothy C. May) writes:
> >For communication, the only credential Alice needs to ensure that only Bob
> >can read her message is that she uses Bob's public key. If "Bob the Key"
> >reads it, presumably it was "Bob the Person" who read it.
> >(Again, Bob the Key = Bob the Person to many of us. If Bob the Person has
> >let his private key out, so that Chuck the Person is also able to read the
> >Bob the Key stuff, etc., then of course cryptography cannot really handle
> >this situation.)
> OK, but again, what about the man in the middle attack?  Suppose the
> key that you found that claims to be from Bob is actually not his, but
> another one created by a man in the middle, such as Bob's malicious
> ISP?  Then that ISP is decrypting the messages Alice sends to him using
> that fake key, and re-encrypting them using Bob's real key.  He is
> reading all of the messages, and Alice and Bob do not in fact have
> communications privacy.
> I don't want to overstate the risk of this attack.  It would not be an
> easy one to mount and I believe there are countermeasures which could
> detect it unless the MITM had nearly supernatural powers.  But the MITM
> attack is normally considered seriously in discussing crypto protocols.
> It is a well known weakness in Diffie-Hellman, for example.  That is why
> authenticated Diffie Hellman is used in some of the newly proposed key
> exchange protocols for IP.  The risks of MITM attacks on public key
> systems were recognized not long after those systems were proposed.  The
> problems with fake keys have been discussed for over a decade.
> Why is this all suddenly irrelevant?  Were these attacks never realistic?
> Is it just not a problem somehow?  I am baffled by the fact that people
> are just turning their backs on all these years of research and
> experience.  If this is some kind of paradigm shift in which the idea of
> communicating with keys is seen as the key to the puzzle, then I am
> afraid I don't share the enlightenment.  To me the problem seems as real
> as ever.
> Hal

sameer						Voice:   510-601-9777
Community ConneXion				FAX:	 510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org (or login as "guest")			[email protected]
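
The thread's two points side by side, as an added example that is not part of the original message: over unauthenticated Diffie-Hellman, a relay that substitutes its own public value is invisible in-band, and only a comparison through an external context (here, a key fingerprint) exposes it. The group parameters, function names and fingerprint format are assumptions chosen for illustration.

```python
import hashlib
import secrets

# Toy group for illustration only (assumption): far too small for real use.
P = 2**127 - 1   # a Mersenne prime
G = 3

def new_private():
    return secrets.randbelow(P - 3) + 2

def public(priv):
    return pow(G, priv, P)

def shared(priv, peer_pub):
    return pow(peer_pub, priv, P)

def fingerprint(pub):
    """Short digest of a public value, to be compared over a second channel."""
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()[:16]

def run_exchange(a_priv, b_priv, m_priv=None):
    """Unauthenticated DH; if m_priv is set, the relay swaps in its own value."""
    a_pub, b_pub = public(a_priv), public(b_priv)
    got_by_alice = public(m_priv) if m_priv is not None else b_pub
    got_by_bob = public(m_priv) if m_priv is not None else a_pub
    return {
        "alice_secret": shared(a_priv, got_by_alice),
        "bob_secret": shared(b_priv, got_by_bob),
        # External context: each party states the fingerprint of the key it
        # really sent, and the other compares it with what arrived by email.
        "alice_detects": fingerprint(got_by_alice) != fingerprint(b_pub),
        "bob_detects": fingerprint(got_by_bob) != fingerprint(a_pub),
    }

if __name__ == "__main__":
    a, b, m = new_private(), new_private(), new_private()
    for label, result in (("direct", run_exchange(a, b)),
                          ("relayed", run_exchange(a, b, m))):
        agree = result["alice_secret"] == result["bob_secret"]
        print(label, "secrets agree:", agree,
              "| detected:", result["alice_detects"], result["bob_detects"])
```

Without the fingerprint comparison, neither side has any signal that the relayed run differs from the direct one: each holds a working session key and a well-formed public value.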