[7575] in cryptography@c2.net mail archive
Re: A proposal for secure videoconferencing and video messaging over the Internet
daemon@ATHENA.MIT.EDU (amanda)
Thu Jul 27 12:22:00 2000
Message-Id: <200007270807.e6R87l619054@smtp.wineasy.se>
From: amanda <amanda@wineasy.se>
To: <eugene.leitl@lrz.uni-muenchen.de>
Cc: <coderpunks@toad.com>, <cryptography@c2.net>
Date: Thu, 27 Jul 2000 08:08:23 "GMT"
On Wed, 26 Jul 2000, Eugene Leitl wrote:
> Clearly, you can maintain a secure connection to an anonymous party.
No you cannot. If Bob is anonymous then it is impossible for Alice to
know if her secure connection goes to Bob or Mitch. In the classic
man-in-the-middle attack Mitch impersonates Bob when talking to Alice and
he impersonates Alice when talking to Bob.
Did you read the literature on this stuff?
[Depends on what you mean by "anonymous". If the anonymous party has a
key he uses (i.e. the equivalent of a "nym") there is no problem at
all and no need for a CA either... --Perry]
> Authentication and security only touch shoulders when you're
> trusting the public key server
You are not supposed to trust key servers. It is the keys that you trust,
because they are signed by someone you trust (the CA or your WOT).
Amanda.
