-----BEGIN PGP SIGNED MESSAGE-----

amanda wrote:
> 
> On Wed, 26 Jul 2000, Eugene Leitl wrote:
> > Clearly, you can maintain a secure connection to an anonymous party.
> 
> No you cannot. If Bob is anonymous then it is impossible for Alice to
> know if her secure connection goes to Bob or Mitch. In the classic
> man-in-the-middle attack Mitch impersonates Bob when talking to Alice and
> he impersonates Alice when talking to Bob.
> 
> [Depends on what you mean by "anonymous". If the anonymous party has a
> key he uses (i.e. the equivalent of a "nym") there is no problem at
> all and no need for a CA either... --Perry]
> 
Amanda is correct on technical points, Perry on social points.

Secure key establishment requires an exchange of identification, and 
vice versa.  That's well established in the literature.

When you have identification, it is not anoNYMous.

Nevertheless, the identification that is exchanged may be a 
pseudo-NYM, and difficult to attach to meat space.  That may very 
well be enough for the application at hand.


> > Authentication and security only touch shoulders when you're
> > trusting the public key server
> 
> You are not supposed to trust key servers. It is the keys that you trust,
> because they are signed by someone you trust (the CA or your WOT).
> 
And I was in a hallway conversation with Honeyman yesterday, where he 
was proposing taking a randomly generated temporary public-key (he 
calls a junk key), establishing it between parties using Kerberos, 
using it to sign a document, and signing the signature via a PKIX 
timestamp.  Throw away the junk key, and you have a time verified 
signature verifiable in the future by a CA, but a completely 
anonymous signer. 

I'll also note that provably secure multicast is an ongoing project 
over at Honeyman's CITI.

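The junk-key scheme described in the message above, as an added Go example that is not from the thread or from CITI: a throwaway Ed25519 key signs a document, a timestamping authority (assumed here to be a long-lived Ed25519 key standing in for the PKIX timestamp service; the Kerberos distribution of the junk key is not modelled) countersigns the signature together with the time, and the private key is discarded, so the signature stays verifiable later against the authority's key alone without identifying the signer.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
)

// TimestampToken is everything that survives once the junk key is thrown away:
// document signature, junk public key, asserted time, authority countersignature.
type TimestampToken struct {
	Sig     []byte            // junk key's signature over the document
	JunkPub ed25519.PublicKey // public half of the discarded junk key
	Unix    int64             // time asserted by the timestamping authority
	TSASig  []byte            // authority's signature over tsaDigest(...)
}

// tsaDigest is the value the authority signs: SHA-256(sig || junkPub || time).
func tsaDigest(sig []byte, pub ed25519.PublicKey, unix int64) []byte {
	var t [8]byte
	binary.BigEndian.PutUint64(t[:], uint64(unix))
	h := sha256.New()
	h.Write(sig)
	h.Write(pub)
	h.Write(t[:])
	return h.Sum(nil)
}

// SignWithJunkKey generates a throwaway Ed25519 key, signs doc with it, and has
// the authority (assumed: long-lived Ed25519 key tsaPriv) countersign at time
// unix. The private key never leaves this function: nothing more is ever signed.
func SignWithJunkKey(doc []byte, tsaPriv ed25519.PrivateKey, unix int64) (TimestampToken, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return TimestampToken{}, err
	}
	tok := TimestampToken{Sig: ed25519.Sign(priv, doc), JunkPub: pub, Unix: unix}
	tok.TSASig = ed25519.Sign(tsaPriv, tsaDigest(tok.Sig, pub, unix))
	return tok, nil // priv goes out of scope here: the junk key is gone
}

// Verify needs only the authority's public key (the one a CA would certify).
// The signer's identity is never part of the check: that is the anonymity.
func Verify(doc []byte, tok TimestampToken, tsaPub ed25519.PublicKey) bool {
	return len(tok.JunkPub) == ed25519.PublicKeySize &&
		ed25519.Verify(tok.JunkPub, doc, tok.Sig) &&
		ed25519.Verify(tsaPub, tsaDigest(tok.Sig, tok.JunkPub, tok.Unix), tok.TSASig)
}
```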
