Re: PACKAGE in the MAIL: Is it SAFE?

From: KPJ (kpj@sics.se)
Date: Tue Jan 23 2001 - 11:15:53 MST


It appears as if Harvey Newstrom <mail@HarveyNewstrom.com> wrote:
|
|To be technical, the man in the middle attack is not an "attack"
|against an existing securely established relationship. It is a form
|of fraud or con wherein one is persuaded to set up a new secure
|relationship with someone untrustworthy. That means that if you
|personally know someone and set up proper secure communications with
|them, the man-in-the-middle con cannot break it (theoretically).

[...Excellent summary of the Middle Men, Inc., attack deleted...]

Note: "set up proper secure communications with them" means "meet them
      in person and exchange keys, and then use these keys to set up
      an encrypted communication link with them".

Unfortunately, one can not do that without getting their key _in_person_.

If one uses some kind of network access, the Middle Men, Inc., can intercept
the message, change it to insert themselves into the loop, and break the
security.

EXAMPLE. If one wish to e-trade with Some Company, Ltd., then there exist
         currently _no_ methods to make certain that the Middle Men, Inc.,
         do not intercept the connection, insert their own false data, or
         whatever. Encrypted communication _only_ works if somebody gives
         their key to you in person.

If your system administrator gives you a security token, like a Kerberos
password or some key, then you can use that token to connect to your system
over an insecure network. But if you don't have a key to begin with, then
you lose.

And if you wish to engage in e-trade with some entity which you don't meet
in person, then somebody can have broken the communication security and
you lose. And you would not even notice it.

If you have created a secure communication link, then you can of course
use it to change the key. The problem appears the first time you wish to
engage in secure communication.

You must have somebody you trust to give you a key. I detect no such
entities on the Internet today.

|I do not believe any amount of technology on the communications pipe
|will be able to solve the problem of untrustworthy humans on the
|other end. A different solution for trusting or controlling business
|partners would need to be found.

True, but then you describe Yet Another Problem (YAP).

|One possible solution for some cases would be full anonymous cash.
|If you could do business anonymously and still get paid, you wouldn't
|care what the person did on the other end. In this case, you
|wouldn't need your messages to be encrypted, merely that your
|messages could not be traced back to you. This is a different
|solution to a different problem, but might solve some business
|requirements for e-business.

Anonymous cash fixes the vendor's problem but not the buyer's problem.

The vendor gets anonymous cash, and thus gets paid.
But the buyer cannot really know the vendor will deliver anything.

Unless they meet in person, naturally.



This archive was generated by hypermail 2.1.5 : Sat Nov 02 2002 - 08:05:15 MST