[messaging] MITM-safe communication w/o authentication possible?

Ximin Luo infinity0 at pwned.gg
Sun Nov 29 13:41:10 PST 2015

On 29/11/15 21:32, U.Mutlu wrote:
> I wonder if it can be possible, at least theoretically, to have a
> MITM-secure internet channel without the use of PKI and/or
> persistent password

If by "without the use of X" you mean "without any further human input", this is impossible. (That is the simplest way to interpret your question, and I think it's the most appropriate way too.)

The underlying problem is to check that a key (cryptographic identifier) is actually controlled by the same entity as a "real world" identifier. This is not something that can be proved *only* through pure mathematics or cryptography; one needs some sort of human input *at some stage* to tell the software system "you may assume key A <-> uid B", or (preferably) a simpler and less ambiguous piece of information (a) that allows the software to eventually deduce this.

More complex PKI systems can reduce the amount of human input that is needed. For example, "master keys" can reduce the number of subkeys of my contact that I have to verify (b). The original idea of the web of trust was to use your friends' inputs as well as your own (c). Public transparency systems (d) such as CT, blockchains, try to use inputs from everyone across the world to reduce the risk of forged inputs.

The way I see it, it would be nice if:

(a) the human part of this process is minimised, and reduced down to exact instructions, e.g.: "I physically witnessed my contact, {X := unambiguous description of contact} confirm that private-key B belongs to them" and "I witnessed a public-key operation from B that confirms {X} is the same entity as them" rather than "I have checked this key carefully" which is impossible to do further reasoning on.
(b) there were nicer and more efficient UIs to do this in a more unified way across applications (i.e. that let me verify more keys in less time)
(c, d) future research could formalise more precise logics for these solutions, that actually quantifies the threats involved, and how these solutions reduce those threats. At the moment all solutions in this area are basically hand-waving and asserting "we are more secure because we have more data". That's reasonable, but we don't really have an idea *how* reasonable.

I haven't heard of any research that explores these lines in detail, but I haven't looked into the existing literature in this area too deeply.
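The following is an added example, not part of Ximin Luo's message or of any real PKI software. It sketches what points (a) and (c) above might look like as a small mechanical "attestation logic": the two precise witness statements from (a) are records, the software deduces a key<->uid binding only when a trusted witness supplied *both* directions, and bound contacts may in turn act as witnesses up to a hop limit (the web-of-trust idea of (c)). The `Attestation` record, the two statement kinds, the `max_hops` parameter and all sample fingerprints and names are assumptions constructed for the illustration; the signature check on each attestation is abstracted away as already done.

```python
"""Toy 'attestation logic' for key<->identity bindings (added example, not from the post).

Everything below is an assumed model: the Attestation record, the two statement kinds,
the hop limit and the sample data are illustrative, not any real PGP/CT format.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Attestation:
    """One precise human input, signed by the witness's key (signature check abstracted away).

    kind == "claim": the witness physically saw contact X confirm that key B is theirs.
    kind == "keyop": the witness verified a public-key operation from B that names X.
    The vague "I have checked this key carefully" deliberately has no encoding here:
    it names no direction, so no later rule could consume it.
    """
    signer_key: str   # fingerprint of the key that signed this attestation
    contact: str      # unambiguous description {X} of the contact
    key: str          # fingerprint B of the contact's key
    kind: str         # "claim" or "keyop"


def derive_bindings(attestations, own_key, own_uid, max_hops=1):
    """Deduce which keys belong to which real-world identifiers.

    Axiom: own_key <-> own_uid.  Rule: (X, B) is bound when a key already bound to some
    witness, fewer than max_hops hops from us, signed BOTH a "claim" and a "keyop" for (X, B).
    max_hops=1 uses only our own inputs; larger values also use our contacts' inputs
    (the web-of-trust idea).  Returns {key: (uid, hops, frozenset(witness_uids))}.
    """
    kinds = defaultdict(set)
    for a in attestations:
        kinds[(a.signer_key, a.contact, a.key)].add(a.kind)

    bindings = {own_key: (own_uid, 0, frozenset())}
    changed = True
    while changed:                       # iterate to a fixpoint
        changed = False
        for (signer, contact, key), ks in kinds.items():
            if signer == key:
                continue                 # a key vouching for itself carries no information
            if signer not in bindings or not {"claim", "keyop"} <= ks:
                continue                 # unbound witness, or only one direction witnessed
            witness_uid, hops, _ = bindings[signer]
            if hops >= max_hops:
                continue                 # witness is too far from us to be used
            if key in bindings:
                uid, old_hops, witnesses = bindings[key]
                if uid != contact:
                    # Two identifiers for one key: refuse to guess; a real UI must show this.
                    raise ValueError(f"conflicting attestations for {key}: {uid!r} vs {contact!r}")
                if witness_uid not in witnesses:
                    bindings[key] = (uid, min(old_hops, hops + 1), witnesses | {witness_uid})
                    changed = True
            else:
                bindings[key] = (contact, hops + 1, frozenset({witness_uid}))
                changed = True
    return bindings


# Constructed sample input: fingerprints and people are made up for the example.
ATTESTATIONS = [
    # I witnessed Alice in both directions -> binding at 1 hop.
    Attestation("K_me", "Alice <alice@example.org>", "K_alice", "claim"),
    Attestation("K_me", "Alice <alice@example.org>", "K_alice", "keyop"),
    # I only heard Bob claim K_bob; never saw K_bob name Bob -> no binding.
    Attestation("K_me", "Bob <bob@example.org>", "K_bob", "claim"),
    # Alice vouches for Carol in both directions -> usable only if max_hops >= 2.
    Attestation("K_alice", "Carol <carol@example.org>", "K_carol", "claim"),
    Attestation("K_alice", "Carol <carol@example.org>", "K_carol", "keyop"),
    # An unknown key vouches for Dave: ignored, since nothing binds K_mallory to anyone.
    Attestation("K_mallory", "Dave <dave@example.org>", "K_dave", "claim"),
    Attestation("K_mallory", "Dave <dave@example.org>", "K_dave", "keyop"),
]


if __name__ == "__main__":
    for hops in (1, 2):
        print(f"max_hops={hops}")
        for key, (uid, h, w) in derive_bindings(ATTESTATIONS, "K_me", "me", hops).items():
            print(f"  {key:<9} -> {uid:<28} hops={h} witnesses={sorted(w)}")
```

The witness set returned for each binding is the only "quantity" this toy offers, which is exactly the "more data, therefore more secure" hand-waving the message complains about; a real logic would have to say what an additional independent witness actually buys against a given attacker, which this example does not attempt.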
