ok, let's try to tackle this problem seriously, for the crypto value (or lack thereof): Jim Choate wrote: > > > What makes 'your friend' an authority? > > > > he had the weapon in question in hand pretty much every day for several > > years. > > Yeah, says who? Does your friend even exist? Even if he does how does one > go about proving his assertions? And why should we trust whatever > 'reference' he passes us to? that is a different problem that has, in fact, been answered by me below. > Again, you're asking for 'trust' based on authority. How would one go > about 'authenticating' who you are? If I 'trusted' you why would I want to > authenticate you? you will have to trust something. then you use that something to verify something else, that is what: > > web-of-trust. means. > > Which doesn't work since I don't already know you. If I have trust why am > I using the encryption? How do I know that the key you gave Fred, and that > Fred then gave me is the key you gave Fred or the key Fred gave me? see above. or check what web-of-trust means. for for this problem, we have the following steps (in no specific order): 1.) verify that my friend is an authority on the issue 2.) verify that my friend actually exists 3.) verify the information exchange between you and and my friend everything else is parts of that. for example, my person only enters the picture as a middle man between you and my friend. if you trust me (which you don't) then I can make steps 1 and 2 for you and all that's left is to make sure that you receive the correct information from me, which could be solved by signing the mail cryptographically. since you don't trust me, you will have to either establish trust to me, or proceed to verify these steps on your own. > > I will authenticate my friend by having a face-to-face > > meeting. > > Really? This is based upon your assumption that the person you are meeting > is the person who you think you are. But how do you know a MITM attack > wasn't executed prior to your first meeting? Have you known this person > for many years, intimitely involved in their life? If you only know them > from the occassional party, or weekend football game then you could be > scammed. I've known this person for over 10 years. I'm pretty confident that any attempts to replace him with someone else in such a way as to fool me would be several orders of magnitude more expensive than the gain is worth. how you do this depends mostly on your threat-model. for this example, the threat is small - it's not like any TLA would throw a couple million dollars at this in order to fool you, right? ergo I can assume that a replacement by someone who can fool me for several hours is extremely unlikely. > > you can authenticate my words via PGP if you want to, I can > > sign the mail. > > Which means nothing, your PGP key is no more trustworthy than your words. dumb jim. :) it's not meant to be any more trustworthy than my words. in fact, it's sole purpose (in this case) is to ensure that my words are really my words. it's part of step 3 above. > > now as to how to authenticate whether or not my friend is what I claim > > he is - well, I'm sure he has the appropriate documents that could be > > checked for forgery, etc. if you insist (and pay the costs) that could > > surely be arranged. > > Which again proves nothing. I have no way to tie a packet of documents to > a person, even if they had a photograph on them. Even if they were stamped > with an official seal. The only way they would prove anything is if I > authenticated not only their source but the process by which they were > generated. if they are stamped with an official seal (which in the case of the military I'm quite sure they are) then you can be sure that any of 3 cases is true: a) they are valid b) the government (or other place of origin of the seals) is in on the conspiracy c) a forger with more skill than your forgery-detection method is in on the conspiracy in the case of a question about ammunition, both b) and c) are highly unlikely. again, you have applied the highest possible threat model to a case where even a medium one would be paranoia. > Bottem line, there is no fundamentally functional authentication protocol. > They all require a level of trust that is not appropriate if one is > already concerned enought to use encryption. wrong. we can solve your problem IF you present us with a list of those things that you DO trust. from there on, trust can be extended. e.g. if you trust your own eyes, then visiting both Tim and me can assure you that there are two DIFFERENT entities claiming to be Tim and Tom. you can then verify whether they really are what they claim, the method of verification again depending on what instances you trust. for example, if you trust the german government to keep correct records, you could check those on me (birth certificate, etc) to verify that I am who I claim to be. you have also got to take the threat model into account. in the worst case, there is no trust because you're living in The Matrix and what you see with your own eyes doesn't even exist. in the end, trust and verification aren't binary if you meet real life. you can never be 100% sure that I am who I claim to be. however, you can gradually increase your verification/trust factor by any of the processes outlined above and/or an unlimited number of other ones.
