
Re: Certificate proposal



	I rather figured there was miscommunication here.


> 
> It occurs to me that perhaps I have been missing a point here when people
> argue that having a "man in the middle" is not that different from
> various forms of secure communication, such as where Bob has multiple
> personalities or is a committee.  I have been taking this to mean that we
> should therefore not worry about MITM attacks, which seems crazy to me.
> 
> Instead perhaps this was meant as a "reductio ad absurdum" argument for
> why MITM attacks cannot be prevented in the scenario where people have no
> out-of-band contact.  Anything which could detect and prevent MITM
> attacks could, by this analogy, detect whether Bob had multiple
> personalities.  Since the latter is obviously impossible, the former must
> be as well.  Hence the problem has no solution and we should not
> waste much time on it.


	My point is not that MITM has no solution and that time should
not be wasted but that context (in many cases out-of-band contact, but
not necessarily) is an important factor when dealing with MITM. A
context-free situation is not a very useful thing to look at when
trying to solve MITM -- MITM should be looked at in context-based
situations.

> 
> I don't fully agree with this but at least it is not as bizarre as the
> first interpretation.
> 
> Hal
> 


-- 
sameer						Voice:   510-601-9777
Community ConneXion				FAX:	 510-601-9734
The Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org (or login as "guest")			[email protected]