Jon Lasser <jlasser@rwd.goucher.edu> writes:
> I think Hal and some other Cypherpunks (Me, You, Carl, etc.) are not proceeding from one of the same assumptions. Specifically, Hal seems to be proceeding from the assumption that the person "on the other end of the line" is in fact a known physical entity who has a meat reputation tied to the name. I'm proceeding from the assumption that the person on the other end of the line has no specific RL reputation that I'm basing the relationship on, just the online one.
>
> Here's an example: There's someone on the list, now, apparently, with the name of "Steven Levy." Hal assumes that, when communicating with that "Steven Levy," one intends to communicate with the fairly-well-known journalist of that name, and thus certification of RL identity is important. I assume that, unless there's a specific reason otherwise, I want to have an intellectual conversation (or financial transaction, etc) that isn't predicated on this being "the" Steven Levy. In that case, certification of RL identity is irrelevant.
That is not exactly my point. My concern is avoiding the man in the middle attack. One way to do that is to find a certificate from Verisign saying that this key belongs to Steven Levy, ideally with other information that I can confirm relates to the on-line personage I wish to speak to. Presumably the MITM can't get a certificate for Steven Levy, unless by coincidence his name actually is Steven Levy, in which case the other information I mentioned will be helpful as well. Would you propose just to use an unsigned key that says it is for Steven Levy? Or perhaps a key without any name at all that someone told you was for him? That is the policy which I have been arguing against. The whole idea of communicating with keys, or not having key certificates or signatures, seems to me to leave open the possibility of man in the middle attacks. Isn't this a problem? Or are the difficulties of mounting a MITM attack considered so large that they can be neglected? I would just like to hear exactly what are the assumptions being made regarding this problem by those who oppose certificates.

Hal
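The check Hal is describing, written out as an added example that is not part of the thread: a trusted certifier signs the binding "this key belongs to this name", and the relying party only trusts a key for that name if the signature verifies under the certifier's public key. An interceptor who substitutes their own key can sign their own claim to the name, but not with the certifier's key, so the substituted key is rejected, while an unsigned key carrying the same name would be indistinguishable from the genuine one. The certificate format, the Ed25519 signature scheme and the names used here are assumptions made for illustration (a Verisign certificate of the period would be an X.509 certificate, not this toy structure).

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Certificate is a hypothetical, simplified certificate (not X.509): the
// certifier's signature covers the (Name, PublicKey) binding and nothing else.
type Certificate struct {
	Name      string
	PublicKey ed25519.PublicKey
	Signature []byte
}

// certPayload is the exact byte string the certifier signs: a one-byte length
// prefix, the name, then the raw public key, so name and key cannot be
// re-split ambiguously. Names are assumed to be under 256 bytes.
func certPayload(name string, key ed25519.PublicKey) []byte {
	payload := []byte{byte(len(name))}
	payload = append(payload, name...)
	payload = append(payload, key...)
	return payload
}

// IssueCertificate is the certifier's step: whoever holds signerPriv asserts
// that key belongs to name.
func IssueCertificate(signerPriv ed25519.PrivateKey, name string, key ed25519.PublicKey) Certificate {
	sig := ed25519.Sign(signerPriv, certPayload(name, key))
	return Certificate{Name: name, PublicKey: key, Signature: sig}
}

// VerifyCertificate is the relying party's check: the key in cert is accepted
// for expectedName only if the name matches and a certifier we trust (caPub)
// signed that binding. A signature by anyone else fails here.
func VerifyCertificate(caPub ed25519.PublicKey, cert Certificate, expectedName string) error {
	if cert.Name != expectedName {
		return errors.New("certificate names someone else")
	}
	if len(cert.PublicKey) != ed25519.PublicKeySize {
		return errors.New("malformed public key in certificate")
	}
	if !ed25519.Verify(caPub, certPayload(cert.Name, cert.PublicKey), cert.Signature) {
		return errors.New("binding is not signed by the trusted certifier")
	}
	return nil
}

// Scenario builds the situation from the thread with freshly generated keys:
// the genuine correspondent's key is certified by the trusted certifier, while
// an interceptor presents its own key under the same name, signed only by
// itself. It returns whether each key passed VerifyCertificate.
func Scenario() (genuineAccepted bool, substitutedAccepted bool, err error) {
	caPub, caPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, err
	}
	levyPub, _, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, err
	}
	mitmPub, mitmPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, err
	}
	const name = "Steven Levy" // constructed name from the thread, not a real key holder

	genuine := IssueCertificate(caPriv, name, levyPub)
	// The interceptor can only sign with its own key; caPriv is not available to it.
	substituted := IssueCertificate(mitmPriv, name, mitmPub)

	genuineAccepted = VerifyCertificate(caPub, genuine, name) == nil
	substitutedAccepted = VerifyCertificate(caPub, substituted, name) == nil
	return genuineAccepted, substitutedAccepted, nil
}

func main() {
	genuineOK, substitutedOK, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine certified key accepted: %v\n", genuineOK)
	fmt.Printf("substituted self-signed key accepted: %v\n", substitutedOK)
}
```

The check gives nothing against a certifier that will sign a binding for anyone who asks for the name, which is why Hal adds that the certificate should carry other information the relying party can independently tie to the correspondent; the code verifies only what the certifier signed.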