At 02:16 PM 10/3/2003, Jerrold Leichter wrote:
From: Anton Stiglic <[EMAIL PROTECTED]>
| From: "Tim Dierks" <[EMAIL PROTECTED]>
| > I think it's a tautology: there's no such thing as MITM if there's no such
| > thing as identity. You're talking to the person you're talking to, and
| > that's all you know.
|
| That seems to make sense....
No; it's false.  If Alice and Bob can create a secure channel between
themselves, it's reasonable to say that they are protected from MITM attacks if
they can be sure that no third party can read their messages.  That is:
If Alice and Bob are anonymous, they can't say *who* can read the messages
they are sending, but they might be able to say that, assuming that their
peer is following the protocol exactly (and in particular is not releasing the
shared secret) *exactly one other party* can read the message.

They've got exactly that same assurance in a MITM situation: unfortunately, Mallet is the one other party who can read the message. If you extend the concept to say "but I want Bob to be the one who can read the message", you've discarded anonymity. And saying that "I want only one party to have access to my message" is digital rights management.


Note that if you have this, you can readily bootstrap pseudonymity:  Alice
and Bob simply use their secure channel to agree on a shared secret, or on
pseudonyms they will henceforth use between themselves.  If there were a
MITM, he could of course impersonate each to the other ever afterward.

Even if you could make this assertion, how would you avoid something that I'll call the "Cyrano attack": that the person you're communicating with is not, in fact, the source of the witticisms you associate with his pseudonym? And how is that attack distinct from MITM?


- Tim


--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
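Added example, not part of the thread above and not code by any of its authors: a small simulation of the situation Jerrold and Tim are arguing over. Two anonymous parties run an unauthenticated Diffie-Hellman exchange and then use the resulting channel to "bootstrap" a pseudonym, once directly and once with Mallet relaying. Every check an anonymous peer can make (the MAC verifies, there is exactly one key on my side) passes in both runs; the only thing that distinguishes them is a pinned public value for Bob, which is exactly the identity Tim says you have to give up anonymity to get. The group parameters, party names and messages are constructed for the example; the modulus is a toy and is not a safe DH group.

```python
"""Unauthenticated DH, with and without a man-in-the-middle (toy simulation)."""
import hashlib
import hmac
import secrets

# Toy parameters, constructed for this example: P is prime but P-1 is smooth,
# so the group is cryptographically weak. Do not reuse outside a demo.
P = 2**127 - 1
G = 3


def keypair():
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def derive_key(priv, peer_pub):
    # Hash the raw DH secret into a 32-byte MAC key.
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()


def seal(key, msg):
    return msg + hmac.new(key, msg, "sha256").digest()


def unseal(key, blob):
    msg, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, msg, "sha256").digest()):
        raise ValueError("bad tag: sender does not hold my key")
    return msg


def run_exchange(mitm):
    """Return what each party can observe after the exchange and bootstrap."""
    a_priv, a_pub = keypair()   # Alice
    b_priv, b_pub = keypair()   # Bob
    if mitm:
        # Mallet swaps his own public value into both directions and ends up
        # holding one key with Alice and a different one with Bob.
        m_priv, m_pub = keypair()
        alice_sees_pub, bob_sees_pub = m_pub, m_pub
        m_keys = (derive_key(m_priv, a_pub), derive_key(m_priv, b_pub))
    else:
        alice_sees_pub, bob_sees_pub = b_pub, a_pub
        m_keys = ()
    a_key = derive_key(a_priv, alice_sees_pub)
    b_key = derive_key(b_priv, bob_sees_pub)

    # Alice bootstraps a pseudonym over the channel she believes is two-party.
    announce = b"call me Cyrano from now on"
    blob = seal(a_key, announce)
    if mitm:
        # Mallet unseals with the Alice-side key and reseals for Bob.
        blob = seal(m_keys[1], unseal(m_keys[0], blob))
    received = unseal(b_key, blob)   # Bob's MAC check passes either way

    # Later traffic "from Cyrano": with Mallet in place he can author it himself.
    forged = None
    if mitm:
        forged = unseal(b_key, seal(m_keys[1], b"Cyrano: a witticism by Mallet"))

    return {
        "keys_match": a_key == b_key,
        "alice_key_held_by_mallet": a_key in m_keys,
        "bob_key_held_by_mallet": b_key in m_keys,
        "bob_accepted_pseudonym": received == announce,
        "forged_accepted": forged,
        # The one check that catches Mallet: Alice compares the value she got
        # against a pinned public value for Bob, i.e. she knows who Bob is.
        "mitm_detected_by_pinning": alice_sees_pub != b_pub,
    }


if __name__ == "__main__":
    for flag in (False, True):
        print("mitm" if flag else "direct", run_exchange(flag))
```

Note that nothing inside the anonymous protocol changes between the two runs: each party derives exactly one key and every tag verifies. Only the last field, which compares against an out-of-band identity for Bob, separates them.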
