Mike McNally writes:
Scott Brickner writes:
I disagree. The MITM is foiled by one successful communication.
I'm going to need some clarification of this; what is meant by "successful"? If you mean "a communication without a MITM participating", and presuming also that that communication would involve a key validation, then I suppose it's true. However, I don't see how this success can be evaluated if the parties do not have nearly complete control over the communications substrate.
By "successful" I mean communicating without the MITM *interfering*. Either the parties need to exchange a symmetric key without the MITM eavesdropping, or exchange asymmetric keys without the MITM modifying them. The chance of failure is minimized by diversity in the channels used to try to bypass the MITM. The issue becomes one of risk management. If you can't afford a failure, you *do* need a channel over which you have nearly complete control. The simplest such channel is a physical meeting, during which you exchange public keys. If the MITM threat is from your ISP, you are likely to bypass his control with the telephone network. Any single success is adequate.
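As an added illustration of the argument above (not part of the original thread), the following Python model sends Alice's public key to Bob over several channels, some under a MITM's control, and has Bob cross-check fingerprints; the channel names, keys and fingerprint scheme are assumptions constructed for the example.

```python
import hashlib

# Constructed sample keys; real ones would be e.g. RSA or Ed25519 public keys.
ALICE_KEY = b"alice-public-key-sample"
MITM_KEY = b"mitm-public-key-sample"

def fingerprint(pubkey: bytes) -> str:
    """Short hash a person can read aloud over the phone or compare in person."""
    return hashlib.sha256(pubkey).hexdigest()[:16]

def deliver(pubkey: bytes, mitm_controls: bool) -> bytes:
    """One channel: a MITM who controls it substitutes his own public key."""
    return MITM_KEY if mitm_controls else pubkey

def receive_over_channels(controlled: dict) -> dict:
    """Bob collects Alice's key over every channel and cross-checks fingerprints.

    `controlled` maps a channel name to whether the MITM controls that channel.
    Returns whether Bob accepts a key and whether the accepted key is genuine.
    """
    received = {name: deliver(ALICE_KEY, ctl) for name, ctl in controlled.items()}
    fps = {name: fingerprint(key) for name, key in received.items()}
    if len(set(fps.values())) != 1:
        # Channels disagree: the MITM altered at least one, and Bob detects it.
        return {"accepted": False, "genuine": False, "fingerprints": fps}
    key = next(iter(received.values()))
    # All channels agree; this is only safe if the MITM controlled none of them.
    return {"accepted": True, "genuine": key == ALICE_KEY, "fingerprints": fps}

if __name__ == "__main__":
    scenarios = {
        "ISP only, no second channel": {"isp": True},
        "ISP plus telephone": {"isp": True, "phone": False},
        "MITM controls every channel": {"isp": True, "phone": True},
        "physical meeting only": {"meeting": False},
    }
    for label, channels in scenarios.items():
        print(label, "->", receive_over_channels(channels))
```

The "ISP plus telephone" case is the one success the post describes: a single channel the MITM does not control exposes the substitution, while a MITM who controls every channel stays undetected.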