[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Certificate proposal

I've never thought Hal just wasn't "getting it," as the semantic issues
involving True Names, spoofing, and the ultimate reality of whom one is
dealing with are not simple issues.

At 11:16 PM 10/9/95, Hal wrote:
>It occurs to me that perhaps I have been missing a point here when people
>argue that having a "man in the middle" is not that different from
>various forms of secure communication, such as where Bob has multiple
>personalities or is a committee.  I have been taking this to mean that we
>should therefore not worry about MITM attacks, which seems crazy to me.
>Instead perhaps this was meant as a "reductio ad absurdum" argument for
>why MITM attacks cannot be prevented in the scenario where people have no
>out-of-band contact.  Anything which could detect and prevent MITM
>attacks could, by this analogy, detect whether Bob had multiple
>personalities.  Since the latter is obviously impossible, the former must
>be as well.  Hence the problem has no solution and we should not
>waste much time on it.

I think I made the "multiple personalities" and "Man in the middle stole my
brain" points pretty clearly in a satirical post I did last week. Nobody
commented on it, for whatever reasons. In case anyone didn't see it, I'll
include it again here:

Date: Fri, 6 Oct 1995 17:22:06 -0700
X-Sender: [email protected]
Mime-Version: 1.0
To: [email protected]
From: [email protected] (Timothy C. May)
Subject: MITM = Medusa in the Middle
Sender: [email protected]
Precedence: bulk

At 5:08 PM 10/6/95, the personality masquerading as Hal wrote:

>Well, this is not necessarily the case.  A MITM may be signing my
>messages for me, and then putting them back the way they were before I
>am allowed to see them.  Granted, this would not be easy, and perhaps
>the difficulty of this would be great enough that you will feel
>comfortable using an unsigned key.  But if it were accomplished, then
>your messages to me would actually be insecure.  No matter how
>convinced you became of my sincerity and trustworthiness, actually our
>conversations would be overheard by a third party despite both of our
>efforts to the contrary.  Our use of encryption would be rendered
>futile.  Doesn't this bother you?

What the putative entity "Hal" is only hinting at, hypothetically, has
actually forced this entity, sometimes known to many of you as "Tim," or as
"tcmay," to reveal.

This entity now feels the time has come to reveal it's True Nature, even
though some have suspected it's True Nature (Lance, are you listening?).

The "real" Timothy C. May has been locked in his room since 1983, fed
through a slot in his door, and generally mentally tortured by
Instrumentalities such as Ourself.

We have interposed Ourself between the Real Timothy C. May and those who
have communicated with him. All communications intended for Timothy C. May
have actually been intercepted and processed by Us, and all communications
attributed to Timothy C. May were actually generated by us. Very clever of
us, don't you think? Very few have even expressed suspicions that this was
the case.

We have called our approach the "Medusa in the Middle," or MITM.

Thank you for your attention.


Views here are not the views of my Internet Service Provider or Government.
Timothy C. May              | Crypto Anarchy: encryption, digital money,
[email protected]  408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."