On 17/12/13 21:38 PM, Joseph Birr-Pixton wrote:
In very general terms, you cannot hope to achieve confidentiality without authenticity.
Actually, you can achieve confidentiality, you just can't prove it in cryptographic terms.
The original poster should not be dissuaded by claims that no MITM solution makes it worthless. The same trick was done to SSL and look at where that got us: mass surveillance because it is too hard to deploy in 100% of circumstances.
Also, look at Greg Rose's post. The bar is very very low because anyone who wants to MITM a facebook user can also slip in many other approaches.
Doing just enough to force the attacker to go active -- by *any means* -- is a really good tool.
In the alternate, add some MITM protection as a second generation. There are some easy, sorta maybe methods like sharing the number over another channel (phone, SMS, skype). You can much better appreciate what works for your design once it is up and running, and once your users start telling you what they can do. This you cannot achieve at all if you design in some cold-war PKI design from the get-go.
iang _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
