[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Certificate proposal
[email protected] writes:
> >just alice. From Bob's perspective, Alice is really an alias for
> >ISP+Alice. (The same goes for Alice in the other direction.)
> What difference does it make? I'll tell you. It means that their
> conversation is not private! It means that their cryptography is
> useless, that it has failed.
But if by all means available Bob and Alice satisfy themselves that
their conversation *is* secure, then (until they're proven wrong) it
might as well be. They have satisfied themselves *at least* that
their messages are in fact encrypted at some point, just as if they
walked into a room, looked around, and satisfied themselves that there
are no hidden microphones. I don't see how you can ever do any better
than this if you're willing to imagine arbitrary powerful
> This is not a useful or appropriate way to think of the world, IMO. If
> you do this, then from your perspective people become bafflingly
> unreliable. I wrote all about this before.
Gee, in my reality people already *are* bafflingly unreliable. (You
must not be watching enough afternoon trash talk shows.)
> Try to think of it not in relativistic or epistemological terms, but
> rather look at it in terms of reality. The real world exists, and in it
> exist real people. We can agree on this much, right? Two of these
> people want to communicate securely. That is not such a stretch of the
> imagination, is it? By "communicate securely" I mean they exchange
> information in such a way that other people don't receive it.
What, however, is the real difference between the MITM scenario in a
purely electronic relationship, and a "phony personality in the
middle" attack on a "flesh" relationship? You *think* you're working
with a realtor to buy a house, but in fact it's a con artist that
betrays your trust and rips you off. You *think* you've found the
love of your life, but in reality it's just somebody who wants to use
you for sex. There are no guarantees.
Let me ask this: how do you *guarantee* that you're having a truly
private in-the-flesh correspondence with a person? And, having done
that, how do you *guarantee* that the other person will behave in an
absolutely trustworthy fashion?
> Now surely it is clear that with this definition of the problem,
> approaches which redefine people to mean people+eavesdroppers are not
> responsive. Perhaps the motivation to do so is simply the belief that
> the problem is not solvable as stated. If so, I'd like to hear someone
> say this.
I certainly don't know how to solve it, but I wouldn't trust me if I
were you :-)
| Nobody's going to listen to you if you just | Mike McNally ([email protected]) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX |