RE: RFC2409
>>>>> "Ivars" == Ivars Suba <IvarsS@bank.lv> writes:
Ivars> The essence of the attack is the following: Initiator (chess
Ivars> Grandmaster#1) and Responder (chess Grandmaster#2) trust
Ivars> Cheater (chess novice) and vice versa, however they don't trust
Ivars> each other. Grandmaster#1 and Grandmaster#2 are convinced
Ivars> that they play chess with a novice and are surprised by the novice's
Ivars> phenomenal chess proficiency, but have not understood that
Ivars> they actually play each other. In this type of attack the novice
Ivars> plays a pipe role with some cryptographic transformations, such as
Ivars> decryption of IDi (IDr) and Ni (Nr), encryption of IDc and Ni (Nr)
Ivars> with the other Grandmaster's public key, and forwarding with KEi
Ivars> (KEr).
But that's not a protocol flaw.
If you trust X but X is cheating, your trust is inappropriate. NO
protocol can ever fix this.
Analogous example: if you encrypt traffic to a friend for the purpose
of keeping those messages confidential, but your "friend" then posts
the messages on alt.gossip, is that a protocol failure? No; you
picked the wrong friends!
paul