subjective names and MITM

Hal hfinney at shell.portal.com
Tue Oct 24 10:14:29 PDT 1995


Jiri Baum <jirib at sweeney.cs.monash.edu.au> writes:

>hfinney wrote (but didn't sign):
>> Well, this is not necessarily the case.  A MITM may be signing my
>> messages for me, and then putting them back the way they were before I
>> am allowed to see them.  Granted, this would not be easy, and perhaps
>...
>> futile.  Doesn't this bother you?

>The point is that what if there's a MITM who is changing the signatures
>on the hfinney posts? What if originally they were signed "Alice" but
>then a MITM went and substituted "Hal"?

>Then any reputation I attached to Hal should really go to Alice, no?
>And even when I get a certified key for Hal, I still can't really put
>the reputation onto it, since maybe the reputation really belongs to
>Alice.

>Doesn't this bother you?

Yes, this is a problem with the use of certificates to try to detect
the MITM.  As I wrote before, there is still a way in which certs can
be useful.  Your attack shows that you can't use true name certificates
to confirm that there is no MITM in front of Alice.  However, you can
use them to detect a MITM who is interposing himself between you and
the rest of the net.  In other words, if I am Alice, I can use
certificates to make sure that no MITM is behaving as above, altering
my messages and signing them "Hal".

What I do is to acquire a valid signature key via offline means, and use
that to validate the keys of people I want to communicate with.  I am
then able to send them messages securely, and ask them to confirm that my
keys and user name do match those which appear in messages I have posted.
The MITM is not able to know the contents of these messages which I send,
hence he can't stop me from finding out his existence.

>At least with digital signatures I can be certain that the same person
>always signed the messages (and that ri cannot repudiate them), even
>if I don't necessarily know who that person is. (I guess the issue
>becomes plagiarism rather than impersonation.)

IMO by itself knowing that the same person signed every one of a set of
messages is not that useful, since anyone can sign any message.

Hal
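
The check described in the message above, as an added example that is not part of the original post: Alice's posts are re-signed as "Hal" on the way out, and she detects it by asking a correspondent, over a channel encrypted to his validated key, what name and key reach him. The correspondent "Bob", all function names, and the toy textbook RSA with constructed keys are assumptions for illustration; a real exchange would use PGP keys.

```python
import hashlib

def keypair(p, q, e=65537):
    """Textbook RSA from fixed primes: a toy for illustration, not secure."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(priv, msg):
    return pow(digest(msg, priv[0]), priv[1], priv[0])

def verify(pub, msg, sig):
    return pow(sig, pub[1], pub[0]) == digest(msg, pub[0])

def identity(name, pub):
    """64-bit number binding a user name to a public key."""
    return int(hashlib.sha256(f"{name}|{pub}".encode()).hexdigest()[:16], 16)

# Constructed keys (Mersenne primes). Assumption: Alice holds bob_pub,
# validated through a signature key she acquired offline.
alice_pub, alice_priv = keypair(2**61 - 1, 2**89 - 1)
mitm_pub, mitm_priv = keypair(2**107 - 1, 2**127 - 1)
bob_pub, bob_priv = keypair(2**521 - 1, 2**607 - 1)

def post(name, pub, priv, body):
    return {"name": name, "key": pub, "body": body, "sig": sign(priv, body)}

def mitm_outbound(p):
    """The interposer strips Alice's signature and re-signs the post as "Hal"."""
    return post("Hal", mitm_pub, mitm_priv, p["body"])

def bob_answers(query_ct, seen):
    """Bob decrypts the query and compares it with the post as it reached him."""
    claimed = pow(query_ct, bob_priv[1], bob_priv[0])
    same = claimed == identity(seen["name"], seen["key"])
    answer = b"match" if same else b"mismatch"
    return answer, sign(bob_priv, answer)

def alice_detects_mitm(intercepted):
    mine = post("Alice", alice_pub, alice_priv, b"subjective names and MITM")
    seen = mitm_outbound(mine) if intercepted else mine  # what the net receives
    # Encrypted to Bob's validated key, so the interposer cannot read or rewrite it.
    query_ct = pow(identity("Alice", alice_pub), bob_pub[1], bob_pub[0])
    answer, sig = bob_answers(query_ct, seen)
    return verify(bob_pub, answer, sig) and answer == b"mismatch"
```

The re-signed post still verifies under the key it carries, which is why the signature alone tells the net nothing; only the confidential comparison exposes the substitution.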





