> Nobody doubts that it can occur, and that it *can*
> occur in practice.  It is whether it *does* occur
> that is where the problem lies.

Or, whether it gets reported if it does occur.

> The question is one of costs and benefits - how much
> should we spend to defend against this attack?  How
> much do we save if we do defend?

Absolutely true.  If the "only" effect of a MITM is loss of privacy, then that is certainly a lower-priority item to fix than some quick cash scheme.  So the "threat model" needs to clearly define who the bad guys are, and what their motivations are.  But then again, if I am the victim of a MITM attack, even if the bad guy did not financially gain directly from the attack (as in, getting my money or something for free), I would consider "loss of privacy" a significant thing.  What if an attacker were paid by someone (indirect financial gain) to ruin me by buying a bunch of stock on margin?  Maybe not the best example, but you get the idea.  It is not an attack that millions of people, but to the person involved, it is pretty serious.  Shouldn't the "server" in this case help mitigate this type of attack?

> So, why bother with something that isn't a threat?
> Why can't we spend more time on something that *is*
> a threat, one that occurs daily, even hourly, some
> times?

I take your point, but would suggest "isn't a threat" be replaced by "doesn't threaten majority".  And are we at a point where it needs to be a binary thing -- fix this OR that but NOT

-- tomo

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]