hfinney@shell.portal.com writes:
just alice. From Bob's perspective, Alice is really an alias for ISP+Alice. (The same goes for Alice in the other direction.)
What difference does it make? I'll tell you. It means that their conversation is not private! It means that their cryptography is useless, that it has failed.
But if by all means available Bob and Alice satisfy themselves that their conversation *is* secure, then (until they're proven wrong) it might as well be. They have satisfied themselves *at least* that their messages are in fact encrypted at some point, just as if they walked into a room, looked around, and satisfied themselves that there are no hidden microphones. I don't see how you can ever do any better than this if you're willing to imagine arbitrary powerful men-in-the-middle.
This is not a useful or appropriate way to think of the world, IMO. If you do this, then from your perspective people become bafflingly unreliable. I wrote all about this before.
Gee, in my reality people already *are* bafflingly unreliable. (You must not be watching enough afternoon trash talk shows.)
Try to think of it not in relativistic or epistemological terms, but rather look at it in terms of reality. The real world exists, and in it exist real people. We can agree on this much, right? Two of these people want to communicate securely. That is not such a stretch of the imagination, is it? By "communicate securely" I mean they exchange information in such a way that other people don't receive it.
What, however, is the real difference between the MITM scenario in a purely electronic relationship, and a "phony personality in the middle" attack on a "flesh" relationship? You *think* you're working with a realtor to buy a house, but in fact it's a con artist that betrays your trust and rips you off. You *think* you've found the love of your life, but in reality it's just somebody who wants to use you for sex. There are no guarantees. Let me ask this: how do you *guarantee* that you're having a truly private in-the-flesh correspondence with a person? And, having done that, how do you *guarantee* that the other person will behave in an absolutely trustworthy fashion?
Now surely it is clear that with this definition of the problem, approaches which redefine people to mean people+eavesdroppers are not responsive. Perhaps the motivation to do so is simply the belief that the problem is not solvable as stated. If so, I'd like to hear someone say this.
I certainly don't know how to solve it, but I wouldn't trust me if I were you :-) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | Nobody's going to listen to you if you just | Mike McNally (m5@tivoli.com) | | stand there and flap your arms like a fish. | Tivoli Systems, Austin TX | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~