[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: subjective names and MITM


Hello Hal <[email protected]>
  and [email protected]

hfinney wrote (but didn't sign):
> [email protected] writes (where I have taken the liberty of
> reformatting for 80 columns):
> > Now mail is far easier to fake/intercept than a digital
> > signature/encryption - at least I hope so. Therefore if Hal where to
> Well, this is not necessarily the case.  A MITM may be signing my
> messages for me, and then putting them back the way they were before I
> am allowed to see them.  Granted, this would not be easy, and perhaps
> futile.  Doesn't this bother you?

The point is that what if there's a MIMT who is changing the signatures
on the hfinney posts? What if originally they were signed "Alice" but
then a MIMT went and substituted "Hal"?

Then any reputation I attached to Hal should really go to Alice, no?
And even when I get a certified key for Hal, I still can't really put
the reputation onto it, since maybe the reputation really belongs to

Doesn't this bother you?

At least with digital signatures I can be certain that the same person
always signed the messages (and that ri cannot repuditate them), even
if I don't necessarily know who that person is. (I guess the issue
becomes plagiarism rather than impersonation.)

Hope that makes sense...

- --
If you want an answer, please mail to <[email protected]>.
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)

Version: 2.6.2i