I rather figured there was miscommunication here.
It occurs to me that perhaps I have been missing a point here when people argue that having a "man in the middle" is not that different from various forms of secure communication, such as where Bob has multiple personalities or is a committee. I have been taking this to mean that we should therefore not worry about MITM attacks, which seems crazy to me.
Instead perhaps this was meant as a "reductio ad absurdum" argument for why MITM attacks cannot be prevented in the scenario where people have no out-of-band contact. Anything which could detect and prevent MITM attacks could, by this analogy, detect whether Bob had multiple personalities. Since the latter is obviously impossible, the former must be as well. Hence the problem has no solution and we should not waste much time on it.
My point is not that MITM has no solution and that time should not be wasted but that context (in many cases out-of-band contact, but not necesarily) is an important factor when dealing with MITM. A context-free situation is not a very useful thing to look at when trying to solve MITM -- MITM should be looked at in context-based situations.
I don't fully agree with this but at least it is not as bizarre as the first interpretation.
Hal
-- sameer Voice: 510-601-9777 Community ConneXion FAX: 510-601-9734 The Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.org (or login as "guest") sameer@c2.org