Jeroen van Gelderen wrote:
> On Tuesday, Mar 25, 2003, at 14:38 US/Eastern, Ed Gerck wrote: > > Let me summ up my earlier comments: Protection against > > eavesdropping without MITM protection is not protection > > against eavesdropping. > > You are saying that active attacks have the same cost as passive > attacks. That is ostensibly not correct. Cost is not the point even though cost is low and within the reach of script kiddies. > What we would like to do however is offer a little privacy protection > trough enabling AnonDH by flipping a switch. I do have CPU cycles to > burn. And so do the client browsers. I am not pretending to offer the > same level of security as SSL certs (see note [*]). I agree with this. This is helpful. However, supporting this by asking "Who's afraid of Mallory Wolf?" is IMO not helpful -- because we should all be afradi fo MITM attacks. It's not good for security to deny an attack that is rather easy to do today. > I'm proposing a slight, near-zero-cost improvement[*] in the status > quo. You are complaining that it doesn't achieve perfection. I do not > understand that. Your proposal is, possibly, a good option to have. However, it does not: provide a credible protection against eavesdropping. It is better than ROT13, for sure. Essentially, you're asking for encryption without an authenticated end-point. This is acceptable. But I suggest that advancing your idea should not be prefaced by denying or trying to hide the real problem of MITM attacks. Cheers, Ed Gerck --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
