[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Certificate proposal
Mike McNally writes
>
>Scott Brickner writes:
> > I disagree. The MITM is foiled by one successful communication.
>
>I'm going to need some clarification of this; what is meant by
>"successful"? If you mean "a communication without a MITM
>participating", and presuming also that that communication would
>involve a key validation, then I suppose it's true. However, I don't
>see how this success can be evaluated if the parties do not have
>nearly complete control over the communications substrate.
By "successful" I mean communicating without the MITM *interfering*.
Either the parties need to exchange a symmetric key without the MITM
eavesdropping, or exchange asymmetric keys without the MITM modifying
them.
The chance of failure is minimized by diversity in the channels used to
try to bypass the MITM. The issue becomes one of risk management. If
you can't afford a failure, you *do* need a channel over which you have
nearly complete control. The simplest such channel is a physical
meeting, during which you exchange public keys. If the MITM threat is
from your ISP, you are likely to bypass his control with the telephone
network. Any single success is adequate.