-----BEGIN PGP SIGNED MESSAGE----- I have the intuition that there has never been a successful MITM attack which has subverted the use of PGP authentication. If we could be sure of this hypothesis, then we could go about creating a strongly linked Web O Trust and then use it from now until such a future time as 1024-bit PGP keys are brute forceable. We could also use it to bootstrap bigger keys, a wider and more strongly- connected Web O Trust, etc. I can't think of any good way to test this hypothesis, however. One thing that we _could_ test is the difficulty of performing such an attack. If I had the cash, I would post a reward for anyone who could successfully run a demo MITM attack on two unsuspecting stooges. I would (of course) specify with more precision what would constitute a successful attack, how it would be proven to me that the attack was successful and so forth. But I don't have sufficient cash to motivate such a trick, and there would be some very complicated ethical and logistic questions about performing it. I still have a strong intuition that I could keep my cash if I made such a proposal and gave it a few simple stipulations (such as that the attacker would have to forge important material in the victim's name rather than just use the attack to eavesdrop...). The successful attacker would have to have the ability to get in the middle of TCP/IP connections as well as perhaps telephone connections, as well as have formidable computational and "social-engineering" (really: "-cracking") resources. more later, Bryce  -----BEGIN PGP SIGNATURE----- Version: 2.6.2i Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.1b2 iQB1AwUBMYSIhkjbHy8sKZitAQHKYwL+Mj/4G5JW5F+v6w3+PqIIacC1BBNfnHqR rO5ra8bFAeGwz7vmIcmyQAxU/3PW/jjsLv0lo5f0j4eiQ/iDBYUjVUKKWfjDMzSi qIj1HNiHOq1eZ+M1rqvchwVRFTZazXsi =YUmd -----END PGP SIGNATURE-----