[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Certificate proposal

	"Never underestimate the effort your opponent will expend on
cryptanalysis."  -- Robert Morris, Sr., speaking at Crypto '95

	If a MITM attack would be useful, then there will be times
when one will be mounted.  It might take 30 law enforcement officers
to do it, but it has been demonstrated that the FBI will use that many
people for a year or more on some cases.  The CIA and NSA can be
presumed to be willing to spend more time and effort to get certain

Bob Smart wrote:

| Exactly. If a public key ONLY has an existence in cyberspace (as per
| Pr0duct Cipher) then it is impossible to prove that they aren't
| surrounded by a MITM cloud which is also seeing everything they
| see without them knowing it.
| It is important to be aware of this. However the importance is
| perhaps mitigated by the following considerations:
| 1. Surrounding someone with such an MITM cloud is so hard as to
|    be impossible for practical purposes. This will be more true
|    if the person trying to establish a cyberspace identity can
|    prove that they move around physically and use different service
|    providers at different times [but then again perhaps if you

"It is seldom that liberty of any kind is lost all at once."