Certificate proposal

Hal hfinney at shell.portal.com
Tue Oct 10 09:22:07 PDT 1995


Bob Smart <smart at mel.dit.csiro.au> writes:

> >  Hence the problem has no solution and we should not
> > waste much time on it.

>Exactly. If a public key ONLY has an existence in cyberspace (as per
>Pr0duct Cipher) then it is impossible to prove that they aren't
>surrounded by a MITM cloud which is also seeing everything they
>see without them knowing it.

Well, I don't think this is true.  First of all, the MITM has limited
powers.  He may be able to perform certain automated and occasionally manual
replacements on messages, but he is not able to affect communications
which take place off of the net.  In particular, he is not able to stop
Pr0duct Cipher from reading Verisign's key fingerprint in the newspaper
and comparing it with his own copy of the key.  And if PC has a valid
Verisign key then he can know that he has a valid key for other people.
If he then sends mail to those people using their keys, the MITM cannot
control that mail.  Hence PC can communicate securely with other people
even if the MITM controls all of his network communication, contrary to
the claims of impossibility.

>It is important to be aware of this. However the importance is
>perhaps mitigated by the following considerations:

>1. Surrounding someone with such an MITM cloud is so hard as to
>   be impossible for practical purposes. This will be more true
>   if the person trying to establish a cyberspace identity can
>   prove that they move around physically and use different service
>   providers at different times [but then again perhaps if you
>   do that you cease to be a purely cyberspace entity].

If only one ISP is used (which is true for the vast majority of people)
and if they only get and send keys in specific ways then I would not say
it is impossible.  Look at programs like Satan or the internet worm.
They contain many different possible attacks.  Writing such programs is
almost an exercise in tedium as much as creativity.  In the same way it
would be possible for a filter program to anticipate a dozen or more
different ways in which a user might get keys from the net, and make
substitutions.  Doing it for any given method is not that hard, so it is
just a matter of motivation to do it for 99% of the ways people will
use.

>2. If the other end of the communication is a purely cyberspace
>   entity then you can't possibly establish the sort of relationship
>   which would induce you to send them anything really secret. The
>   possibility that there might be a baddy playing MITM is 
>   infinitesimal compared to the probability that the other end
>   is itself a baddy.

Not necessarily.  As I argued before, we do establish trust relationships
in the real world.  And we do that on the basis of communication.  Yes,
in real life there are wider communication channels, nonverbal ways of
judging the sincerity of others.  But over time I would guess that online
relationships can take on the same character.  In fact, I have read
countless puff pieces about friendships, even romances, formed online.
The notion that you can't possibly establish the sort of relationships
online which would induce you to share secrets is demonstrably false, at
least for many people.

>The time you will want to deal with a cyberspace entity is where
>you are taking no risks and they are taking all the risks.
>This will hopefully be the case when we are a seller and they are
>the buyer. As long as we get the digital cash we don't care who
>they are.

That's an awfully limited way of looking at things.  We do a lot more
online than buy and sell.

>Apart from that we will always want some certificate that links the
>public key to something in the real world. The point of the
>key-centric approach is that that doesn't have to be a name or
>something that contains a name. If we want to make sure the key
>belongs to the person you were talking to last night then maybe you'd
>like some biometric data: "five foot two, eyes of blue,...". And
>of course the certificate is useless unless it is signed by a key
>that we trust for that purpose.

No, I don't think this is at all useful.  The VAST majority of people I
talk to on the net are people I have never met.  What earthly use is a
credential that key so-and-so belongs to a person with blond hair, in
helping me to establish secure communications?  Should we only talk
online to the miserable few people we live near who share our interests?
The net is global!  Virtual communities allow niche interests (like ours)
to attract people from all over the world.  Any scheme which requires
face to face meetings between every pair of participants is doomed.

Hal
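
The check described in the first reply above (an off-net fingerprint for the CA key, then CA-signed keys for everyone else), as an added example that is not part of the original post. It assumes unpadded textbook RSA over constructed Mersenne-prime keys, for illustration only; every name and value in it is hypothetical.

```python
import hashlib

E = 65537

def make_key(p, q):
    """Textbook RSA key from two primes: returns (n, d). Illustration only, no padding."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def fingerprint(n):
    """Short digest of a public key, the value that would be printed off-net."""
    return hashlib.sha256(f"{n}:{E}".encode()).hexdigest()[:32]

def digest(name, key, n):
    h = hashlib.sha256(f"{name}|{key}".encode()).digest()
    return int.from_bytes(h, "big") % n

def sign(name, key, n, d):
    """CA binds a name to a key; the certificate is (name, key, signature)."""
    return (name, key, pow(digest(name, key, n), d, n))

def accept_key(cert, ca_n, printed_fpr):
    """Return the certified key, or None if the CA key or the certificate fails."""
    if fingerprint(ca_n) != printed_fpr:
        return None  # CA key fetched from the net is not the one in the newspaper
    name, key, sig = cert
    return key if pow(sig, E, ca_n) == digest(name, key, ca_n) else None

# Constructed keys (Mersenne primes) and names; none come from the post.
CA_N, CA_D = make_key(2**127 - 1, 2**89 - 1)
MITM_N, MITM_D = make_key(2**107 - 1, 2**61 - 1)
PRINTED = fingerprint(CA_N)  # obtained off the net
GENUINE = sign("alice", "alice-key", CA_N, CA_D)

def scenarios():
    clean = accept_key(GENUINE, CA_N, PRINTED)
    # MITM swaps the CA key and re-signs a substituted key with it.
    swapped_ca = accept_key(sign("alice", "mitm-key", MITM_N, MITM_D), MITM_N, PRINTED)
    # MITM keeps the real CA key but substitutes the certified key.
    swapped_key = accept_key(("alice", "mitm-key", GENUINE[2]), CA_N, PRINTED)
    return clean, swapped_ca, swapped_key

if __name__ == "__main__":
    print(scenarios())
```

Both substitutions are rejected because the only input the filter cannot rewrite is the printed fingerprint.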





