home *** CD-ROM | disk | FTP | other *** search
- Path: sparky!uunet!olivea!spool.mu.edu!yale.edu!jvnc.net!princeton!athena!dla
- From: dla@athena (Don Alvarez)
- Newsgroups: sci.crypt
- Subject: Re: Anti-spoofing protocol?
- Message-ID: <1993Jan4.160546.11746@Princeton.EDU>
- Date: 4 Jan 93 16:05:46 GMT
- References: <1993Jan4.090057.20269@netcom.com> <1993Jan4.104051.23477@qualcomm.com>
- Sender: news@Princeton.EDU (USENET News System)
- Organization: Princeton University
- Lines: 33
- Originator: news@nimaster
- Nntp-Posting-Host: athena.princeton.edu
-
- In article <1993Jan4.104051.23477@qualcomm.com> karn@servo.qualcomm.com (Phil Karn) writes:
- >In article <1993Jan4.090057.20269@netcom.com> rcain@netcom.com (Robert Cain) writes:
-
- >>The problem of detecting a spoof in between two ends of a
- >>Diffie-Hellman exchange is unsolved, as far as I know, using any known
- >>protocol.
-
- >Why do you say that? You can detect the "ends against the middle"
- >attack against DH if the parties sign their DH exchanges (using RSA or
- >some other digital signature scheme) and verify them before using the
- >DH-generated key to encrypt anything real.
-
- Digital signatures won't solve the problem Robert is posing. The
- problem is how do two parties transition from an initial state of
- having no way to communicate securely to a final state of having a way
- to communicate securely.
-
- If the two parties can use RSA or some other digital security scheme
- to prove their identities, then they have already made that
- transition. Put simply, how did I learn to validate your digital
- signature? Sure, the message has a digital signature, but did you
- sign it or did George Bush's evil twin skippy? If I am confident of
- my ability to validate your signature, then we must already be
- connected by some form of secure path through which you sent me info
- on how to do the validation. Otherwise skippy could just say "Hi Don,
- this is Phil, my digital signature key is ..."
-
- It's a chicken-and-egg problem: You can't distribute a key in a secure
- manner without a prior means of secure communications, but if that
- means of secure communications is cryptographic, then it requires the
- prior distribution of a key.
-
- -Don.
-