On Fri, 28 Jun 2002, Marcel Popescu wrote:
Well... I assume an active MITM (like my ISP). He's able to intercept my public key request and change it. Plus, I now realize I should have put an even harder condition - no previously shared *information*, even if it's public. I need to know if two complete strangers can communicate securely over an insecure network, even if they communicate through an untrusted party. Wasn't there a protocol for two prisoners communicating through an untrusted guard?
Can't be done. You must have multiple channels, and you need to hope that all of them can't be spoofed. A phone call, a newspaper ad, a bill board, a satallite link, any one of them might be spoofed. But to spoof *all* of them would be very hard. If you use some kind of "security by obscurity" method, you can do something once. but for general security, it's not possible to just go via the net without an out-of-band check. A public posting of the key id is a pretty safe way for a large company or organization. A .sig with your key id is another good way, it leaves traces all over the net for a long time. The point is that you have to leave some kind of trace that's checkable via an effective alternate channel. Otherwise, the MITM wins. Patience, persistence, truth, Dr. mike