subjective names and MITM
Jiri Baum
jirib at sweeney.cs.monash.edu.au
Tue Oct 24 00:10:45 PDT 1995
-----BEGIN PGP SIGNED MESSAGE-----
Hello Hal <hfinney at shell.portal.com>
and cypherpunks at toad.com
hfinney wrote (but didn't sign):
> jbaber at mi.leeds.ac.uk writes (where I have taken the liberty of
> reformatting for 80 columns):
>
> > Now mail is far easier to fake/intercept than a digital
> > signature/encryption - at least I hope so. Therefore if Hal where to
...
>
> Well, this is not necessarily the case. A MITM may be signing my
> messages for me, and then putting them back the way they were before I
> am allowed to see them. Granted, this would not be easy, and perhaps
...
> futile. Doesn't this bother you?
The point is that what if there's a MIMT who is changing the signatures
on the hfinney posts? What if originally they were signed "Alice" but
then a MIMT went and substituted "Hal"?
Then any reputation I attached to Hal should really go to Alice, no?
And even when I get a certified key for Hal, I still can't really put
the reputation onto it, since maybe the reputation really belongs to
Alice.
Doesn't this bother you?
At least with digital signatures I can be certain that the same person
always signed the messages (and that ri cannot repuditate them), even
if I don't necessarily know who that person is. (I guess the issue
becomes plagiarism rather than impersonation.)
Hope that makes sense...
Jiri
- --
If you want an answer, please mail to <jirib at cs.monash.edu.au>.
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
iQCVAwUBMIyOySxV6mvvBgf5AQFJUQP/Wf8wHYUw4JbE4PBxWbSX1nzgOA2EYYsn
L2FuBjKuLXqAG+xRSdJe8ySgaqiPV1JWP16NX97x5YOkMH99DMH73DMmYntvmYy1
G6NdXxhejLQgv0vx0VmVCE171ACB4A+uNe3b6EAsbsKTvd3b5TOWDl9KFQ5wtqGf
VK0o3j6S95U=
=QdEN
-----END PGP SIGNATURE-----
More information about the cypherpunks-legacy
mailing list