Guus Sliepen <g...@sliepen.org> writes:

>But, if you query an online database, how do you authenticate its answer? If
>you use a key for that or SSL certificate, I see a chicken-and-egg problem.

What's your threat model? At the moment if I get a key from a PGP keyserver for a random contact I have no way of authenticating it (it may be signed, but I have no idea who the signers are), I just hope the key's the right one. The ability to receive email at the given address helps prove it's them, and the ability to reply indicates proof of possession of the private key.

In this case if I want to know whether (say) a Verisign-issued cert is valid I go to www.verisign.com and ask. Sure, you can defeat this with a fair bit of effort, but doing a live MITM on a random TCP connection from an arbitrary user just doesn't scale as well as spamming out a zillion phishing emails and waiting for users to come to my botnet. The point isn't to create a perfect defence but to raise the bar sufficiently that attackers can no longer profitably use it as an attack vector.

In any case for this specific case DNSSEC will be along any minute to save us all, so we don't have to worry about it any more.

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com