[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Certificate proposal

Hal said:
> Try to think of it not in relativistic or epistemological terms, but
> rather look at it in terms of reality.  The real world exists, and in it
> exist real people.  We can agree on this much, right?  Two of these
> people want to communicate securely.  That is not such a stretch of the
> imagination, is it?  By "communicate securely" I mean they exchange
> information in such a way that other people don't receive it.

If the devil runs the entire network, Alice and Bob are out of luck.
They can't absolutely guarantee that this is not the case.

But as you point out, it is useless to say, "This key lets you talk
securely to Alice and anyone else who may be listening."  This
hard-codes your paranoid fantasies into the semantics of the system.
Overestimating the threat can result in bad decisions just as
underestimating can.  I've seen people on Usenet say, "The NSA can
break anything, so why bother with PGP?"

What we want is for two parties, presumed trustworthy, to be able to
communicate with some confidence that they are not being eavesdropped
upon by any opponent with realistic capabilities.  This is feasible.
This is a useful thing to be able to do.  Defining the problem away is
less useful. 

I could say more, but I'm not certain I really understand this whole
conversation, so I'll hold off for now.

   Eli Brandt
   [email protected]