[messaging] MITM-safe communication w/o authentication possible?

Ximin Luo infinity0 at pwned.gg
Sun Nov 29 14:57:51 PST 2015


On 29/11/15 23:53, Ethan Heilman wrote:
> It is possible if your identity in a system is directly tied to your
> public key or some provable secret.
> 

No, this is a common fallacy of "identity-based encryption". No human user thinks in terms of contacting cryptographic identities. There is some *implicit* binding here between your contact's idea of who they think you are, vs the cryptographic identifier/key/string that their software is actually performing the cryptographic protocol with.

One may ignore the problem, push it away to another layer, and/or refuse to use language that allows one to think clearly about the real issues involved; but this does not mean that such issues do not exist.

X

-- 
GPG: 4096R/1318EFAC5FBBDBCE
git://github.com/infinity0/pubkeys.git

