Re: subjective names and MITM

[Jiri Baum <jirib@sweeney.cs.monash.edu.au>]

-----BEGIN PGP SIGNED MESSAGE-----

Hello Hal <hfinney@shell.portal.com>
  and cypherpunks@toad.com

hfinney wrote (but didn't sign):
> jbaber@mi.leeds.ac.uk writes (where I have taken the liberty of
> reformatting for 80 columns):
> 
> > Now mail is far easier to fake/intercept than a digital
> > signature/encryption - at least I hope so. Therefore if Hal where to
...
> 
> Well, this is not necessarily the case.  A MITM may be signing my
> messages for me, and then putting them back the way they were before I
> am allowed to see them.  Granted, this would not be easy, and perhaps
...
> futile.  Doesn't this bother you?

The point is that what if there's a MIMT who is changing the signatures
on the hfinney posts? What if originally they were signed "Alice" but
then a MIMT went and substituted "Hal"?

Then any reputation I attached to Hal should really go to Alice, no?
And even when I get a certified key for Hal, I still can't really put
the reputation onto it, since maybe the reputation really belongs to
Alice.

Doesn't this bother you?

At least with digital signatures I can be certain that the same person
always signed the messages (and that ri cannot repuditate them), even
if I don't necessarily know who that person is. (I guess the issue
becomes plagiarism rather than impersonation.)


Hope that makes sense...

Jiri
- --
If you want an answer, please mail to <jirib@cs.monash.edu.au>.
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMIyOySxV6mvvBgf5AQFJUQP/Wf8wHYUw4JbE4PBxWbSX1nzgOA2EYYsn
L2FuBjKuLXqAG+xRSdJe8ySgaqiPV1JWP16NX97x5YOkMH99DMH73DMmYntvmYy1
G6NdXxhejLQgv0vx0VmVCE171ACB4A+uNe3b6EAsbsKTvd3b5TOWDl9KFQ5wtqGf
VK0o3j6S95U=
=QdEN
-----END PGP SIGNATURE-----