On Fri, Aug 29, 2014 at 10:17 AM, Tao Effect <[email protected]> wrote:
> On Aug 29, 2014, at 8:26 AM, Ben Laurie <[email protected]> wrote:
>
> On 28 August 2014 20:44, Tao Effect <[email protected]> wrote:
>
> So, I think I was MITM attacked. [1]
>
> I think I detected it.
>
> I pointed it out. I presented evidence.
>
>
> I am curious about this - I reviewed the tweets, and the evidence
> appears to be that the cert was changed at time A and you noticed the
> change at time A + a few weeks. I didn't see any evidence that you
> checked it between those two times...
>
>
> I had checked the website the day prior to those tweets. Cert change
> appeared a day later. That is why I was (and am still) convinced that it was
> a MITM attack.

Where the website owner confirmed that the new cert was correct?

>
> This event serves as a real-world example of the community's reaction to
> MITM attacks. It highlights extreme skepticism and apathy in spite of clear
> evidence of a MITM attack.
>
> Only major CA compromises that have affected giant companies (like Google)
> get press.
>
> This example shows that people on this list could be MITM attacked right
> now, and in the unlikely event that they detected it, it may not matter
> much. That is why I prefer systems that prevent MITM attacks from happening
> in the first place, and without any ambiguity.

What's the difference between the key associated to [email protected] changing because I forgot a passphrase and changing because it's been MITM'd? If you want to make addresses keys, then you introduce a different set of problems, where the address associated to an individual is changed.

The basic problem is that the only individual who knows what keys should be associated with them, is the individual who owns the private keys. And so you need to have a consistent, global view of that map, which can get occasionally updated and have them check the correctness of this map.

Sincerely,
Watson Ladd

>
> Cheers,
> Greg Slepak
>
> --
> Please do not email me anything that you are not comfortable also sharing
> with the NSA.
>
>
>
> _______________________________________________
> Messaging mailing list
> [email protected]
> https://moderncrypto.org/mailman/listinfo/messaging
>

--
"Those who would give up Essential Liberty to purchase a little Temporary Safety deserve neither Liberty nor Safety."
-- Benjamin Franklin
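
Added example, not written by any participant in this thread: a minimal sketch of the "consistent, global view of that map" idea from the reply above, in which any client can check that it sees the same hash-chained address-to-key log as another observer, while only the key owner can tell a legitimate rotation from a substituted key. The class and function names, the addresses and the fingerprints are all hypothetical and constructed for illustration.

```python
import hashlib
import json

def entry_hash(prev_hash, address, key_fp):
    """Hash one log entry together with the previous head (hash chain)."""
    body = json.dumps([prev_hash, address, key_fp]).encode()
    return hashlib.sha256(body).hexdigest()

class KeyDirectory:
    """Append-only address -> key-fingerprint log (hypothetical design)."""
    def __init__(self):
        self.entries = []       # (address, key_fp, head_after_entry)
        self.head = "0" * 64    # genesis head

    def publish(self, address, key_fp):
        self.head = entry_hash(self.head, address, key_fp)
        self.entries.append((address, key_fp, self.head))
        return self.head

def verify_chain(entries, expected_head):
    """Any client: recompute the chain and compare it with a head obtained
    from another observer, so both are looking at the same map."""
    head = "0" * 64
    for address, key_fp, recorded in entries:
        head = entry_hash(head, address, key_fp)
        if head != recorded:
            return False
    return head == expected_head

def owner_audit(entries, address, my_key_fps):
    """Owner only: list bindings for my address that I never created.
    A relying party cannot run this check; to them a rotation and a
    substitution look identical."""
    return [(i, fp) for i, (addr, fp, _) in enumerate(entries)
            if addr == address and fp not in my_key_fps]

def demo():
    d = KeyDirectory()                             # constructed sample data
    d.publish("alice@example.org", "fp-alice-1")
    d.publish("bob@example.org", "fp-bob-1")
    d.publish("alice@example.org", "fp-alice-2")   # forgotten passphrase, rotated
    d.publish("alice@example.org", "fp-mallory")   # binding Alice did not create
    gossip_head = d.head                           # head seen by a second observer
    consistent = verify_chain(d.entries, gossip_head)
    unknown = owner_audit(d.entries, "alice@example.org",
                          {"fp-alice-1", "fp-alice-2"})
    return consistent, unknown

if __name__ == "__main__":
    print(demo())
```

The log is internally consistent in both the rotation and the substitution case; only the owner's audit separates them, which is the distinction the reply asks about.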
