[14490] in cryptography@c2.net mail archive
Re: anonymous DH & MITM
daemon@ATHENA.MIT.EDU (Tim Dierks)
Sat Oct 4 14:48:28 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Fri, 03 Oct 2003 19:31:56 -0400
To: Jerrold Leichter <jerrold.leichter@smarts.com>
From: Tim Dierks <tim@dierks.org>
Cc: Cryptography list <cryptography@metzdowd.com>
In-Reply-To: <Pine.GSO.4.58.0310031822130.6880@frame>
I'm lost in a twisty page of MITM passages, all alike.
My point was that in an anonymous protocol, for Alice to communicate with
Mallet is equivalent to communicating with Bob, since the protocol is
anonymous: there is no distinction. All the concept of MITM is intended to
convey is that in an anonymous protocol, you don't know who you're talking
to, period. Mallet having two conversations with Alice & Bob is equivalent
to Mallet intermediating himself into a conversation between Alice & Bob.
If you have some unintermediated channel to speak with a known someone
once, you can exchange a value or values which will allow you to
authenticate each other forevermore and detect any intermediations in the
past. But the fundamental truth is that there's no way to bootstrap a
secure communication between two authenticated parties if all direct &
indirect communications between those parties may be intermediated. (Call
this the 'brain in a jar' hypothesis.)
- Tim
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
