On Thu, Jul 27, 2000 at 10:18:02PM -0700, James A. Donald wrote:
> At 05:02 PM 7/27/2000 -0700, Steve Reid wrote:
> > Mallory sends The Real Alice an email claiming to be from The
> > Real Bob (this can be done with the usual spoofing) , telling Alice
> > that she can contact "him" as "Bob'"
>
> Mallory can do this, but he cannot do it safely. The likelihood of
> exposure is very high, and the longer the deception continues, the greater
> the prospect it will be exposed.
I don't believe it's more "unsafe" than any MITM attack. It's not as if
Mallory is a trusted server with a reputation to protect. Mallory could
be off somewhere in a country with no extradition treaty, receiving
anonymous payments from an interested party.
To be fair, the sort of attack I described could work against SSL too.
Certificates can confirm that www.example.com is who you are
contacting, but certificates can't stop them from making their web site
look just like www.example.net's and duping people into giving payment
information to the wrong people. I think it would work especially well
against a videoconferencing system though, because there is a certain
trust inherent in face-to-face communications.
> If this is Alice's first contact with Bob through the secure protocol, she
> will surely mention how she obtained his address, exposing Mallory.
If Alice's first contact with Bob is something like, "Hi Bob, Carol
sent me your address...", what are the odds that either Alice or Bob
will confirm with Carol that she was the one who sent the information?
I don't think we can depend on ad-hoc social protocols to pick up the
slack where carefully designed cryptographic protocols have failed.
> Suppose Mallory gets away with it once. He cannot go on getting away with
> it indefinitely.
He doesn't have to get away with it indefinately, just long enough for
it to be worthwhile.
