[Cryptography] What is a secure conversation? (Was: online forums...)
Theodore Ts'o
tytso at mit.edu
Fri Dec 27 13:36:26 EST 2013
On Fri, Dec 27, 2013 at 10:03:30AM +0300, ianG wrote:
>
> Trinity might also start mitm'ing, by actively sending messages out
> to people that don't go to others. So we might want to know that
> all messages got to everyone, and no selective conversations are
> happening.
Yes, but *so* *what*? How could an attacker to achieve some goal that
he or she might want to achieve?
It's not enough to say things like "an attacker could do XXX". If
we're going to do a credible analysis, this is critical. Why is this
important, and how much are we willing to pay (in terms of
inconvenience, extra hardware, etc.) to avoid this potential "attack"?
I don't know about other people, but I don't consider this list
critical infrastructure. If I were to not get some number of the
messages, it wouldn't necessarily impact my life or my work in any
significant way.
Regards,
- Ted
More information about the cryptography
mailing list