Re: Certificate proposal

It occurs to me that perhaps I have been missing a point here when people
argue that having a "man in the middle" is not that different from
various forms of secure communication, such as where Bob has multiple
personalities or is a committee.  I have been taking this to mean that we
should therefore not worry about MITM attacks, which seems crazy to me.

Instead perhaps this was meant as a "reductio ad absurdum" argument for
why MITM attacks cannot be prevented in the scenario where people have no
out-of-band contact.  Anything which could detect and prevent MITM
attacks could, by this analogy, detect whether Bob had multiple
personalities.  Since the latter is obviously impossible, the former must
be as well.  Hence the problem has no solution and we should not
waste much time on it.

I don't fully agree with this but at least it is not as bizarre as the
first interpretation.