
Re: Certificate proposal



Mike McNally writes
>
>Scott Brickner writes:
> > I disagree.  The MITM is foiled by one successful communication. 
>
>I'm going to need some clarification of this; what is meant by
>"successful"?  If you mean "a communication without a MITM
>participating", and presuming also that that communication would
>involve a key validation, then I suppose it's true.  However, I don't
>see how this success can be evaluated if the parties do not have
>nearly complete control over the communications substrate.

By "successful" I mean communicating without the MITM *interfering*.
Either the parties need to exchange a symmetric key without the MITM
eavesdropping, or exchange asymmetric keys without the MITM modifying
them.

The chance of failure is minimized by diversity in the channels used to
try to bypass the MITM.  The issue becomes one of risk management.  If
you can't afford a failure, you *do* need a channel over which you have
nearly complete control.  The simplest such channel is a physical
meeting, during which you exchange public keys.  If the MITM threat is
from your ISP, you are likely to bypass his control with the telephone
network.  Any single success is adequate.
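
An added illustration, not part of the original message: the receiver-side check implied by the argument above, where a key received on the primary channel is accepted only if its fingerprint matches what the owner reported over independent channels. The SHA-256 fingerprint, the function names, the sample keys and the independence assumption in the risk estimate are all assumptions made for this example.

```python
import hashlib
import hmac
from math import prod


def fingerprint(public_key: bytes) -> str:
    """SHA-256 fingerprint of the key bytes, hex-encoded so it can be read aloud."""
    return hashlib.sha256(public_key).hexdigest()


def verify_key(received_key: bytes, oob_reports: dict) -> tuple:
    """Compare the key received on the primary channel against fingerprints
    the owner reported over other channels (name -> hex fingerprint).
    Returns (accept, list of channels whose report disagrees)."""
    local = fingerprint(received_key).encode()
    mismatches = []
    for channel, reported in oob_reports.items():
        # Tolerate spacing and case differences from manual transcription.
        normalized = "".join(reported.split()).lower().encode()
        if not hmac.compare_digest(local, normalized):
            mismatches.append(channel)
    # With no out-of-band report nothing was verified, so do not accept.
    accept = bool(oob_reports) and not mismatches
    return accept, mismatches


def residual_risk(p_controlled: dict) -> float:
    """Chance that the MITM controls every channel used, assuming the
    per-channel probabilities are independent (an assumption of this example)."""
    return prod(p_controlled.values())


# Constructed sample data: two stand-in "public keys".
ALICE_KEY = b"constructed-sample-public-key-of-alice"
MITM_KEY = b"constructed-sample-public-key-of-mitm"

if __name__ == "__main__":
    # The ISP-controlled path delivered a substituted key and a matching
    # fingerprint by e-mail; the telephone report comes from the real owner.
    reports = {"email": fingerprint(MITM_KEY), "telephone": fingerprint(ALICE_KEY)}
    print(verify_key(MITM_KEY, reports))    # substitution exposed by telephone
    print(verify_key(ALICE_KEY, {"telephone": fingerprint(ALICE_KEY)}))
    print(residual_risk({"isp": 0.5, "telephone": 0.1, "meeting": 0.01}))
```

A mismatch on any one channel is enough to reject the key, and agreement across all channels leaves only the case where every channel is controlled, which is what adding diverse channels drives down.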