[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Certificate proposal



sameer <[email protected]> writes:

>	In the situation you cite, Bob doesn't know Alice apart from
>their email correspondence?

Right.  My goal is to have a system in which two individuals who have
never met can communicate securely.  This is not too radical a notion, I
trust.  In fact, I would go so far as to say that to a considerable
extent it is the whole point of public key cryptography.

>	In this case the ISP is acting as extension-of-alice. Bob
>thinks he is talking to Alice but he is talking to ISP+Alice. What
>difference does it make, if Bob has no knowledge of Alice outside
>their email discussion, that Bob is talking to ISP+ Alice rather than
>just alice. From Bob's perspective, Alice is really an alias for
>ISP+Alice. (The same goes for Alice in the other direction.)

What difference does it make?  I'll tell you.  It means that their
conversation is not private!  It means that their cryptography is
useless, that it has failed.  It means they have an unsecure channel.  I
don't know how I can put it more plainly than this.  I wrote a long
article a few days ago arguing that they almost might as well not use
cryptography if they're going to adopt this stance.  Let anyone
eavesdrop, and from Bob's point of view when he thinks he is talking to
Alice he is actually talking to eavesdroppers+Alice.  From his point of
view, Alice is just an alias for eavesdroppers+Alice.  Etc., etc.

>	In tim's words, from alice's point of view "Bob the key" ==
>"BOB the person and Bob's ISP". From Bob's point of view "Alice the
>key" == "Alice the person & Bob's ISP".

This is not a useful or appropriate way to think of the world, IMO.  If
you do this, then from your perspective people become bafflingly
unreliable.  I wrote all about this before.

>	The MITM attack only matters if there is a context outside the
>email correpondence. (Say, perhaps, a drug deal which involves real
>physical goods.) 

Try to think of it not in relativistic or epistemological terms, but
rather look at it in terms of reality.  The real world exists, and in it
exist real people.  We can agree on this much, right?  Two of these
people want to communicate securely.  That is not such a stretch of the
imagination, is it?  By "communicate securely" I mean they exchange
information in such a way that other people don't receive it.

Now surely it is clear that with this definition of the problem,
approaches which redefine people to mean people+eavesdroppers are not
responsive.  Perhaps the motivation to do so is simply the belief that
the problem is not solvable as stated.  If so, I'd like to hear someone
say this.

Hal