Grigg counts the benefits of living in a MITM-protected world (no MITM attacks recorded), as though they would happen with or without MITM protection. Is there any reason to believe that's this is, in fact, true? That is, if zero dollars were spent on MITM protection, would there still be no recoreded attacks? Until that's answered, Grigg's "economic" analysis is flawed.
"I used to get picked on, but since I bulked up and learned karate, nobody's picked on me. I guess it was pointless to do those things." On Sun, 2003-03-23 at 23:10, Ian Grigg wrote: > The question arises, why? For what reason is > the MITM a core part of the SSL threat model? > And, why do all the implementations assume this? [...] > The analysis of the designers of SSL indicated > that the threat model included the MITM. [...] > Consider this simple fact: There has been no > MITM attack, in the lifetime of the Internet, > that has recorded or documented the acquisition > and fraudulent use of a credit card (CC). -- -Dave Turner Stalk Me: 617 441 0668 "I believe there is no righteousness in the situation in which we find ourselves." -Real Live Preacher --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
