[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Man in the middle attacks

To: Bruce Zambini <jlasser@rwd.goucher.edu>
Subject: Re: Man in the middle attacks
From: cme@cybercash.com (Carl Ellison)
Date: Wed, 6 Mar 1996 11:54:31 -0500
Cc: spki@c2.org, coderpunks@toad.com, ietf-pkix@tandem.com
Sender: owner-coderpunks@toad.com

At 10:20 3/6/96, Bruce Zambini wrote:
>On Tue, 5 Mar 1996, Carl Ellison wrote:
>> if you have Bob locked in Eve's attic, does Bob exist apart from [Bob,Eve]?

>However, if you've met Bob in person once or twice, especially BEFORE you
>met Bob online, there is a very clear difference.

Yes!  If you've met Bob in person, then you have a body of common knowledge
that most likely can be converted to a shared secret.  That shared secret,
in turn, can be used to verify that there is no eavesdropper.  This
in-person meeting is the second channel which defeats Eve.

The thing which amazes me is how fragile the MITM attack is for all the
attention it gets.

+--------------------------------------------------------------------------+
|Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc., Suite 430                   http://www.cybercash.com/    |
|2100 Reston Parkway           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Reston, VA 22091      Tel: (703) 620-4200                                 |
+--------------------------------------------------------------------------+

Prev by Date: specification language?
Next by Date: Re: ansi/ccitt doc availability
Prev by thread: Re: Man in the middle attacks
Next by thread: Re: Man in the middle attacks
Index(es):
- Main
- Thread