we've had some of this discussion related to X9.59, namely that SSL verifies
that the URL used and the certificate DNS info somewhat correspond. one problem
is that many people don't necessarily arrive at a web site by actually typing
the URL ... so provided URLs are one method of attack. The o
On Thu, Jul 27, 2000 at 10:18:02PM -0700, James A. Donald wrote:
> At 05:02 PM 7/27/2000 -0700, Steve Reid wrote:
> > Mallory sends The Real Alice an email claiming to be from The
> > Real Bob (this can be done with the usual spoofing) , telling Alice
> > that she can contact "him" as "Bob'"
>
Perhaps you wouldn't trust your WOT with you life, but at least you know
that there is some accountability in the signature chain. If you find that
Mallory has a key that says "Bob'" then you can follow the
signatures. When you find the person who admits that he signed
--
At 05:02 PM 7/27/2000 -0700, Steve Reid wrote:
> Someone can pull off a man-in-the-middle attack without having to
> "put on make up, [and] declare himself to be the other person". I
> think MITM could be done effectively against your protocol without
> requiring special help from the
--
t 01:41 PM 7/27/2000 -0400, William Allen Simpson wrote:
> I'll also note that provably secure multicast is an ongoing project
> over at Honeyman's CITI.
I do not understand what is meant by "provably secure". One can only prove
security against a particular threat. There will always
On Wed, Jul 26, 2000 at 11:53:07PM -0700, James A. Donald wrote:
> Looking at someone's face, and hearing his voice, is good enough in
> all common circumstances, and common circumstances means "where the
> customers are".
Someone can pull off a man-in-the-middle attack without having to "put
on
-BEGIN PGP SIGNED MESSAGE-
amanda wrote:
>
> On Wed, 26 Jul 2000, Eugene Leitl wrote:
> > Clearly, you can maintain a secure connection to an anonymous party.
>
> No you cannot. If Bob is anonymous then it is impossible for Alice to
> know if her secure connection goes to Bob or Mitch.
--
On Wed, 26 Jul 2000, Eugene Leitl wrote:
> > Clearly, you can maintain a secure connection to an anonymous
> > party.
At 08:08 AM 7/27/2000 +, amanda wrote:
> No you cannot. If Bob is anonymous then it is impossible for Alice
> to know if her secure connection goes to Bob or Mitch
--
James A. Donald writes:
> > In real life situations where one wishes a conversation to be
> > secure, people are most commonly authenticated by not by true
> > name, but by face.
At 02:49 PM 7/26/2000 -0700, Eugene Leitl wrote:
> We're mixing several unrelated items in one pot her
On Wed, 26 Jul 2000, Eugene Leitl wrote:
> Clearly, you can maintain a secure connection to an anonymous party.
No you cannot. If Bob is anonymous then it is impossible for Alice to
know if her secure connection goes to Bob or Mitch. In the classic
man-in-the-middle attack Mitch impersonates Bo
James A. Donald writes:
> In real life situations where one wishes a conversation to be secure, are
> people most commonly authenticated by true name, or by face.
We're mixing several unrelated items in one pot here. One thing is
authentication, the other is securety. Authentication is when
James A. Donald wrote:
> With video, the authentication problem, which has always been the great
> barrier to the widespread use of crypto, goes away.
>
> [Does it? In a few years, it should be possible to synthesize video in
> real time... --Perry]
Today's best synthesized voice is clearly not
12 matches
Mail list logo
