CDR: Re: Public Key Infrastructure: An Artifact...
On Thu, 16 Nov 2000 obfuscation@beta.freedom.net wrote:
Bram Cohen writes:
In the vast majority of cases, preventing man in the middle attacks is a waste of time.
In the sense that, in the vast majority of communications, there is no man in the middle attack being mounted?
Yes.
Couldn't the same thing be said of cryptography, since in the vast majority of cases there is no eavesdropping?
Yes, but it's a less vast majority than the ones for which man in the middle is happening.
The point in both cases is that if you construct a protocol which has weaknesses, eventually people may begin to exploit them.
And if you build a protocol which is a pain to use, noone will use it. -Bram Cohen
Bram Cohen wrote:
On Thu, 16 Nov 2000 obfuscation@beta.freedom.net wrote:
Bram Cohen writes:
In the vast majority of cases, preventing man in the middle attacks is a waste of time.
In the sense that, in the vast majority of communications, there is no man in the middle attack being mounted?
Yes.
Couldn't the same thing be said of cryptography, since in the vast majority of cases there is no eavesdropping?
Yes, but it's a less vast majority than the ones for which man in the middle is happening.
The point in both cases is that if you construct a protocol which has weaknesses, eventually people may begin to exploit them.
And if you build a protocol which is a pain to use, noone will use it.
What, like SSL, for example? Cheers, Ben. -- http://www.apache-ssl.org/ben.html "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
On Sat, 18 Nov 2000, Ben Laurie wrote:
Bram Cohen wrote:
And if you build a protocol which is a pain to use, noone will use it.
What, like SSL, for example?
SSL is not a pain to use, and it isn't effective against man in the middle attacks, since an attacker could simply make the end user connection be done via unencrypted http and most end users wouldn't notice. It is, however, quite effective against passive attacks, which is all that's really important. -Bram Cohen
participants (2)
-
Ben Laurie -
Bram Cohen