Hi Natanael,

Yes, a persistent man in the middle can break any TOFU-style scheme.

Natanael <natanae...@gmail.com> wrote:
> How to defeat a chess grandmaster;
>
> Play as a proxy between two chess grandmasters. Just copy their
> moves, let them play each other while both of them just see
> *your* face.
>
> There's typically nothing in the data binding the actions to
> your identity. Somebody persistent enough can silently
> substitute keys indefinitely if you have no alternative
> communications channel.

Do you honestly think the risk of mass impersonation is greater than the current dumpster fire of keyservers that anyone can upload anything to and most users will just blindly trust anyway? :-)

Attacks on this scheme are mitigated by time. Again, like other TOFU (which this is a variant of), you have to start your attack early and be persistent. This significantly raises the bar. Sometimes the attack becomes impossible, and it is almost always hard.

You can't decide to start impersonating me tomorrow, you have to have decided to do so 5 years ago. You have to decide to impersonate the grand chessmaster while he's still an uninteresting nobody. Bring on the time machine and we'll talk!

And remember, people who need stronger assurances can still use all the other verification techniques.

- Bjarni
_______________________________________________
Messaging mailing list
Messaging@moderncrypto.org
https://moderncrypto.org/mailman/listinfo/messaging