hfinney@shell.portal.com writes:
> OK, but again, what about the man in the middle attack? Suppose the key that you found that claims to be from Bob is actually not his, but another one created by a man in the middle, such as Bob's malicious ISP?
You have several alternative means of verifying the key:

1) You can meet Bob at a local Pizza Hut and verify the key in person.

2) You can go through a variety of channels to a variety of other trusted entities and verify with them that they're using the same key for Bob.

3) You can set up some sort of communications test to "probe" for a MITM situation, perhaps by passing through "seeded" information (data taggants?).
> I don't want to overstate the risk of this attack. It would not be an easy one to mount ... The risks of MITM attacks on public key systems were recognized not long after those systems were proposed. The problems with fake keys have been discussed for over a decade.
>
> Why is this all suddenly irrelevant?
I don't think it is irrelevant, I just think it's orthogonal to the issue of whether a certificate for a key<-->entity relationship is considered to be the key or an adjunct to the key. I could be wrong, of course.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Nobody's going to listen to you if you just | Mike McNally (m5@tivoli.com) |
| stand there and flap your arms like a fish. | Tivoli Systems, Austin TX    |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
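The first two verification routes in the reply above (read the fingerprint back from Bob in person, or get it from other trusted parties over separate channels) come down to one check: does the key that arrived over the untrusted path have the same fingerprint as the key reported over channels the ISP does not control? The following is an added example, not code from either poster; the "keys" are constructed stand-in bytes rather than real public keys, and the fingerprint format (SHA-256 as colon-separated hex) is an assumption chosen for the example.

```python
"""Out-of-band fingerprint verification of a public key received over an
untrusted channel.  Added example; the key material is constructed."""
import hashlib
from typing import Dict, List, Tuple

# Constructed sample material: stand-ins for the encoded public keys.
BOB_REAL_KEY = b"constructed-public-key-of-bob:" + bytes(range(64))
MITM_KEY = b"constructed-key-substituted-by-isp:" + bytes(range(64, 128))


def fingerprint(key_bytes: bytes) -> str:
    """SHA-256 of the encoded key, as colon-separated hex pairs.

    This is the string you read to Bob over pizza or ask a third party to
    read back; matching fingerprints imply the same key, because finding a
    second key with the same SHA-256 is infeasible.
    """
    digest = hashlib.sha256(key_bytes).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def verify_key(candidate: bytes, attestations: Dict[str, str],
               min_channels: int = 1) -> Tuple[bool, List[str]]:
    """Accept `candidate` (the key that arrived via the ISP) only if every
    independent channel reports the same fingerprint and at least
    `min_channels` of them did so.

    `attestations` maps a channel label to the fingerprint that channel
    reported for Bob.  One disagreeing channel is fatal: a single honest
    channel holding the real key is enough to expose a substitution.
    """
    fp = fingerprint(candidate)
    reasons: List[str] = []
    agreeing = 0
    for channel, reported in attestations.items():
        if reported.lower() == fp:
            agreeing += 1
            reasons.append(f"{channel}: matches")
        else:
            reasons.append(f"{channel}: MISMATCH "
                           f"(reported {reported[:23]}..., received {fp[:23]}...)")
    if any("MISMATCH" in r for r in reasons):
        return False, reasons
    if agreeing < min_channels:
        reasons.append(f"only {agreeing} channel(s) confirmed, need {min_channels}")
        return False, reasons
    return True, reasons


def honest_scenario() -> Tuple[bool, List[str]]:
    # The ISP forwarded Bob's real key; Bob reads the fingerprint in person
    # and Carol (who already has Bob's key) confirms it by phone.
    attest = {"in person at Pizza Hut": fingerprint(BOB_REAL_KEY),
              "Carol, by phone": fingerprint(BOB_REAL_KEY)}
    return verify_key(BOB_REAL_KEY, attest, min_channels=2)


def mitm_scenario() -> Tuple[bool, List[str]]:
    # The ISP substituted its own key on the wire.  The out-of-band
    # fingerprints are for the real key, so the received key is rejected.
    attest = {"in person at Pizza Hut": fingerprint(BOB_REAL_KEY),
              "Carol, by phone": fingerprint(BOB_REAL_KEY)}
    return verify_key(MITM_KEY, attest, min_channels=2)


def isp_only_scenario() -> Tuple[bool, List[str]]:
    # Pitfall: the only "confirmation" is a fingerprint published on a page
    # the same ISP serves.  It matches the substituted key, so the check
    # passes; a channel the attacker controls is not independent.
    attest = {"fingerprint on ISP-hosted page": fingerprint(MITM_KEY)}
    return verify_key(MITM_KEY, attest, min_channels=1)


if __name__ == "__main__":
    for name, run in (("honest", honest_scenario), ("mitm", mitm_scenario),
                      ("isp-only", isp_only_scenario)):
        ok, why = run()
        print(f"{name}: {'ACCEPT' if ok else 'REJECT'}")
        for line in why:
            print("   ", line)
```

The third scenario is the caveat behind point 2) in the reply: the check is only as strong as the independence of the channels. Fingerprints obtained through paths the suspected man in the middle can also touch add confidence without adding security.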