Hal writes:
Try to think of it not in relativistic or epistemological terms, but rather look at it in terms of reality. The real world exists, and in it exist real people. We can agree on this much, right? Two of these people want to communicate securely. That is not such a stretch of the imagination, is it? By "communicate securely" I mean they exchange information in such a way that other people don't receive it.
Now surely it is clear that with this definition of the problem, approaches which redefine people to mean people+eavesdroppers are not responsive. Perhaps the motivation to do so is simply the belief that the problem is not solvable as stated. If so, I'd like to hear someone say this.
This whole issue is a philosophical one. The issue is the "ontology" of electronic relationships. The argument presented is analogous to the "Turing test" for artificial intelligence.
The MITM is relevant only where two communicating parties share no channels which the MITM doesn't control; otherwise they exchange one secret over such a channel and Mitch is hosed (with probability 1/2^h, where h is the entropy of the secret). Now, if Alice communicates with an entity she knows as "Bob", which in "reality" is Bob filtered by Mitch, I think we can readily agree that Alice probably cannot communicate securely with Bob. She *can*, however, communicate in perfect secrecy with "Bob" -- the amalgamation of Bob and Mitch. The ontological issue comes about when we ask who it is with whom Alice *wants* to communicate. I'd maintain that Bob has no ontological status with Alice. She knows nothing of Bob, only of "Bob". Therefore, she must be intending to communicate with "Bob", and her communication is secure.
An entity cannot have a meaningful ontological status until some communication occurs. The status which results from the communication is "the entity, calling itself Bob, with whom I communicated over channel X". When a second communication occurs, we may have "the entity, calling itself Bob, with whom I communicated over channel Y". If the second communication contains an authenticating transaction, then we can note that the two entities are the same. This is what we really mean by authentication, anyway.
As long as Mitch is successful in his MITM attack, then Bob is not an entity with respect to Alice. If Alice finds a key that purports to belong to Bob, about whom she previously knows nothing, what possible relevance can it have whether it really belongs to Bob or to "Bob" --- there is nothing in Alice's mind to distinguish the two.
If Alice finds a key that purports to belong to Carol, about whom she knows something, then she must execute an authentication protocol with the new key to verify that the entity with whom it permits communication is actually Carol, and not "Carol". Identifying the key with the person is entirely reasonable, if the key is what introduced the person to you (and thus ontologically created the entity). If the introduction happens prior to receiving the key, then authentication becomes necessary to avoid MITM.