[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Certificate proposal

To: [email protected] (Bob Smart)
Subject: Re: Certificate proposal
From: Adam Shostack <[email protected]>
Date: Tue, 10 Oct 1995 10:22:25 -0400 (EDT)
Cc: [email protected], [email protected]
In-Reply-To: <[email protected]> from "Bob Smart" at Oct 10, 95 10:02:17 am
Sender: [email protected]


	"Never underestimate the effort your opponent will expend on
cryptanalysis."  -- Robert Morris, Sr., speaking at Crypto '95

	If a MITM attack would be useful, then there will be times
when one will be mounted.  It might take 30 law enforcement officers
to do it, but it has been demonstrated that the FBI will use that many
people for a year or more on some cases.  The CIA and NSA can be
presumed to be willing to spend more time and effort to get certain
results.

Bob Smart wrote:

| Exactly. If a public key ONLY has an existence in cyberspace (as per
| Pr0duct Cipher) then it is impossible to prove that they aren't
| surrounded by a MITM cloud which is also seeing everything they
| see without them knowing it.
| 
| It is important to be aware of this. However the importance is
| perhaps mitigated by the following considerations:
| 
| 1. Surrounding someone with such an MITM cloud is so hard as to
|    be impossible for practical purposes. This will be more true
|    if the person trying to establish a cyberspace identity can
|    prove that they move around physically and use different service
|    providers at different times [but then again perhaps if you

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume

Follow-Ups:
- Re: Certificate proposal
  - From: [email protected] (Mike McNally)

References:
- Re: Certificate proposal
  - From: Bob Smart <[email protected]>

Prev by Date: Re: Distributed co-operative theorem proving, anyone? - was Java
Next by Date: Re: Java
Prev by thread: Re: Certificate proposal
Next by thread: Re: Certificate proposal
Index(es):
- Date
- Thread