[Cryptography] Public-key auth as envisaged by first-year science students

Tom Mitchell mitch at niftyegg.com
Fri Aug 12 18:48:31 EDT 2016


On Fri, Aug 12, 2016 at 1:17 PM, mok-kong shen <mok-kong.shen at t-online.de>
wrote:

> On 11.08.2016 at 22:10, Michael Kjörling wrote:
>
>> On 11 Aug 2016 09:56 -0400, from leichter at lrw.com (Jerry Leichter):
>>
>>> The devil is, of course, in the details. You need to work the
>>> numbers to see how predictable the timing on legitimate exchanges
>>> is, and how quickly an attacker might be able to complete the MITM
>>> exchange.
>>>
>>
Physical layers do matter, but one mitigation trick might be to watch
physical layer traffic to and from others on the net.  That traffic
would have to be duplicated for a MITM attack to be "perfect".

Network switches do hide a lot of traffic but there are almost always
broadcast messages and other MAC level traffic.

To intercept and modify traffic to/from a device and go unnoticed it may
be necessary to impersonate and retransmit all the other traffic on the
net.

It is unlikely that a legal warrant to intercept traffic involving one
machine will also permit the interception, resultant storage (however
short), and impersonation to retransmit the data.

This covers almost all over the air traffic and also cable modem traffic.
Point to point switched nets exist but are uncommon.

Consider the traffic into a co-location data center with thousands of
machines and virtual machines serviced with a fat pipe.  Technically to
MITM a single machine in a co-location facility requires a device to sit
where?

I have also noted a confusion between privacy and secrecy.

By any measure a post card is a private but not secret message.
Current TLA slurps in an attempt to detect secret messages are
ignoring the privacy issues involving all the other traffic.  Postcards
can be folded and contain printed material.

Regarding the postal service...
I cannot sit in a post office and read all the postcards.
The letter carrier cannot copy and communicate what is seen.
A hold on mail for vacationers cannot be communicated to the
world at large.  i.e. not allow criminals to see hints that a home
is unoccupied.

While these things are not "secret" there is an expectation
of privacy.
"The Postal Service must preserve and protect the security of all mail in
its custody from unauthorized opening, inspection, or reading of contents
or covers; tampering; delay; or other unauthorized acts. Any postal
employee committing or allowing any of these unauthorized acts is subject
to administrative discipline or criminal prosecution leading to fine,
imprisonment, or both."
http://www.apwu.org/sites/apwu/files/resource-files/Administrative%20Support%20Manual%20Issue%2013%20%28Updated%20through%2011-2013.pdf

Inspection by the postal service is limited to examination to validate
the rate paid.  Yes a book, yes book rate but the book cannot be read or
duplicated and sent to others.

http://pe.usps.com/Archive/PDF/DMMArchive20070717/mailingstandards.pdf
2.2.1 Inspection of Contents First-Class Mail is closed against postal
inspection. Federal law and USPS regulations restrict both opening and
reviewing the contents of First-Class Mail by anyone other than the
addressee.

-- 
  T o m    M i t c h e l l