[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Certificate proposal

Don M. Kitchen writes:
 > >  If we are forced to exchange keys remotely, then perhaps some sort of
 > >  "proof" techniques could be used to establish to some level of
 > >  assurance that the remote entity I *think* is you is really you.  Or
 > So who is Pr0duct Cypher then? And why should I have to produce ID saying 
 > my name is Don, unless I'm proving my Real Name[tm] is Don.

Right.  If we're forced to exchange keys remotely, I just have to deal
with the possibility that I'm being spoofed.

 > >  you could provide me with a key, and then I could poll a list of
 > >  references to inquire as to the "goodness" of the key.  This seems to
 > But there's no way to prove that there's no MITM. But "middle" is a
 > subjective term.

Yes, that's why I put "proof" in quotes.  I guess I meant "demonstrate
to a personally sufficient level of satisfaction".

| Nobody's going to listen to you if you just | Mike McNally ([email protected]) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX    |