All,
Adam Back writes:
> Carl Ellison has an argument somewhat like this -- that a nym *is* the
> collection of messages -- and I'm not sure I agree. His argument is
> that if I have always talked to nym Bob through man in the middle Eve,
> then Bob to me is Eve *and* Bob, so it's not an attack.
I've written elsewhere on computer security that a major objective is
meeting the _intentions_ of users. Here are my first 2 paragraphs:
: Modern general-purpose computers run programs. store data and communicate
: with other devices typically including other computers in the office or
: around the world. Computer security work can be described as arranging
: for these computers to do what is intended _and nothing else_.
:
: When a user runs a computer program there is more than one person with
: some control over what is happening - and this makes meeting the intentions
: of any or all of these people potentially very difficult.
> The thing is we could frustrate MITM attacks if we model the set of
> pseudonymous communicants as being connected by a network with set of
> links only some proportion of which the attacker can maintain MITM
> over. So if the nyms can communicate without MITM some of the time
> they can detect MITM. So the nyms exchange fingerprints, and hashes
> of sets of fingerprints say using hashtrees and broadcast them over
> any available channels.
> As MITM is relatively expensive to maintain, we may get some
> reasonable security by defining the non MITM fingerprints for a given
> identity to be the ones with the stronger weighting in the fingerprint
> set.
I'd be interested to see this proposal in more detail but it sounds
expensive too.
--
##############################################################
# Antonomasia [EMAIL PROTECTED] #
# See http://www.notatla.demon.co.uk/ #
##############################################################
