anonymous DH & MITM
Tim Dierks
tim at dierks.org
Thu Oct 2 15:35:12 EDT 2003
At 11:52 AM 10/2/2003, Zooko O'Whielacronx wrote:
> Bear wrote:
> > You can have anonymous protocols that aren't open be immune to MITM
> > And you can have open protocols that aren't anonymous be immune to
> > MITM. But you can't have both.
>
>I'd like to see the proof.
>
>I think it depends on what you mean by "MITM". Take the Chess Grandmaster
>Problem: can Alice and Bob play a game of chess against one another while
>preventing Mitch (the Man In The CHannel) from "proxying" their moves to one
>another while taking the credit for being a good chess player?
I think it's a tautology: there's no such thing as MITM if there's no such
thing as identity. You're talking to the person you're talking to, and
that's all you know.
Re: your chess problem, I think the reason it's not applicable is because
the concept of "Alice" and "Bob", as distinct from "Mitch", has no role in
an anonymous protocol: Alice completing a chess move with Mitch is just as
valid as completing one with Bob.
- Tim
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list