I had some more thoughts on the question of Man in the Middle attacks
on PGP. A lot has changed on the Internet since 1991 when PGP was
first released. (That was the year when the World Wide Web was
introduced as well.) Many of these changes significantly reduce the
practicality of an MITM attack:
1. The widespread availability of SSL.
SSL might be anathema to the PGP community since it depends on a CA
model for trust distribution, but it has become ubiquitous and every
personal computer sold these days includes an SSL-enabled browser
and a set of certs. If Bob fears he is under MITM attack, he can use
SSL to tunnel out. Several companies, such as hushmail.com, are
already using SSL to offer secure e-mail services. These can be used
directly by Bob to ask people at random to verify the version of
Bob's public key at the various PGP key servers.
An even better approach would be to use SSL to secure connections to
PGP key servers in different parts of the world. This would force an
MITM to subvert all the key servers as a minimum.
2. Instant messaging in its various guises: IRC, MOOs, MUDs, AOL's
IM, ICQ, Web-based chat services and virtual reality worlds. A MITM
attacker has to be prepared for Bob to attempt to use any of these as
a way to verify his key with Alice. Unlike e-mail, instant messaging
gives the MITM almost no time to inspect and alter Bob's messages. In
particular, the MITM cannot allow anything to pass whose meaning the
MITM does not understand.
Networked video games may present another opportunity to subvert the
MITM. Not only might they have subtle ways to allow signalling, but
they can be used to establish a shared secret (remember what my
character did to you in Level 5?) that the MITM will have a hard time
knowing, short of monitoring the game on a continuous basis.
3. CyberCafes. It might be conceivable to imagine the combined
forces of NSA and the rest of the world's spooks being able to detect
Bob's attempt to log in from anywhere in the world on his own
computer and then automatically redirect his traffic through the
MITM. However, nothing short of 24-hour surveillance is going to
enable them to know when Bob enters a CyberCafe. Even then, it is
tricky to figure out which account he is logged in under.
4. The ubiquity of the Internet.
When PGP was first introduced, few people had even heard of the
Internet. Today, at least in the US, a majority of homes are
connected. You can walk up to a stranger almost anywhere and ask them
to send an e-mail message for you. All it takes is one message to
Alice.
5. Many PGP users now have a history. There are thousands of PGP
users that have been active for years. If Bob has saved even one
e-mail or usenet message containing a PGP key fingerprint from long
ago, he can use that information to build a secure link with the
author, who can then tell Bob what the servers say is his key.
The one downside is near-total user apathy. One way to get users to
actually verify keys might be to offer a reward for anyone who
surfaces an actual MITM attack. It is unlikely to be collected.
Arnold Reinhold
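Points 1 and 5 above amount to a concrete check: Bob recomputes the fingerprint of the key each server hands him and compares it with the fingerprint he saved long ago; a server whose copy disagrees is the one a MITM reached. The following is an added example (not part of the post) of that check, using the OpenPGP version 4 fingerprint construction from RFC 4880 section 12.2; the key material and the "servers" are constructed toy values, not real keys or real key servers.

```python
import hashlib
import struct


def mpi(value: int) -> bytes:
    """Encode a non-negative integer as an OpenPGP MPI: 2-byte bit length, then big-endian bytes."""
    if value < 0:
        raise ValueError("MPI must be non-negative")
    return struct.pack(">H", value.bit_length()) + value.to_bytes((value.bit_length() + 7) // 8, "big")


def rsa_public_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 public-key packet for RSA (public-key algorithm id 1)."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)


def v4_fingerprint(body: bytes) -> str:
    """RFC 4880 12.2: SHA-1 over 0x99, the 2-byte body length, and the packet body."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()


def check_servers(saved_fingerprint: str, server_copies: dict) -> dict:
    """Map each server name to True if the key it serves matches Bob's saved fingerprint."""
    return {name: v4_fingerprint(body) == saved_fingerprint for name, body in server_copies.items()}


def suspect_servers(saved_fingerprint: str, server_copies: dict) -> list:
    """Servers whose copy of the key disagrees with the fingerprint Bob kept from long ago."""
    return sorted(name for name, ok in check_servers(saved_fingerprint, server_copies).items() if not ok)


# Constructed sample data: toy moduli standing in for Bob's genuine key and a substituted one.
GENUINE = rsa_public_key_body(created=680000000, n=(1 << 1023) + 12345, e=65537)
SUBSTITUTED = rsa_public_key_body(created=680000000, n=(1 << 1023) + 54321, e=65537)
SAVED_FINGERPRINT = v4_fingerprint(GENUINE)  # the fingerprint Bob saved from an old message
# Simulated key servers in different parts of the world; one has been fed the substituted key.
SERVERS = {"keyserver-a": GENUINE, "keyserver-b": GENUINE, "keyserver-c": SUBSTITUTED}

if __name__ == "__main__":
    for name, ok in check_servers(SAVED_FINGERPRINT, SERVERS).items():
        print(name, "matches saved fingerprint" if ok else "DISAGREES with saved fingerprint")
```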