[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Certificate proposal




I have been following this MITM argument, and find the reasons for
the presentation of some of the arguments confusing.

I'm near certain everyone of those arguing understands public key, and
the use of out of band channels (physical meeting, paper mail,
alternate information provider, plastering public key hashes (eg PGP
fingerprints) everywhere by all comms mediums available, etc) to build
a web of trust, and hence reduce chances of a MITM.

I think I have seen two roughly equivalent views of the relationships
between keys and names presented, and these could be sumarised:

a) a person has-a key

 ("has-a" in an entity relationship diagram sense -- it is somthing
  that a person posses), that person may or may not choose to go by
  their true name, whilst using that key)

a) a key has attributes one of which could (optionally) be a true name

both cases use the same techniques of using all available out of band
comms channels, to make life as tough as possible for the MITM.

So far so good.

Now the puzzling stuff is people who appear to be arguing that MITM is
unimportant, and the whole thing revolves around some relativistic
world view, and it somehow doesn't matter if there is an eavesdropper
so long as you have not yet discovered this.

As it quite clearly does matter, and I can't see how that view
provides anything useful, I assume that there is some theoretical
point these people are trying to make which I fail to grasp.

Anyone care to fill me in as to what this concept is?

Perhaps the view is based on the fact that there are plenty of
situations where you don't care what an entities name is, and hence
the attribute which should be under discussion is credit worthiness,
or reliability, but still you need to protect against MITM, using
whatever channels and means available.  I don't see how this alters
the argument.

Adam