At 03:38 PM 10/6/03 -0400, Ian Grigg wrote:
>I'm asking myself whether "anonymous DH" is confusingly named.
>Perhaps it should be called pseudonymous DH because it creates
>pseudonyms for the life of the session? Or, we need a name
>that describes the creation of pseudonyms, de novo, from
>an anonymous starting position?

Think of an "identity" as one endpoint of a communication link.

Identities can have varying degrees of persistence and varying degrees of association with meatspace/bank accounts. These are orthogonal dimensions.

An endpoint can maintain a reputation (persistent "identity") but need not be linked to a meatspace entity. A nom-de-plume is a traditional example.

By itself, DH exchange only assures that the endpoints remain constant (plus, via the typical symmetric key exchange, also provides confidentiality) for the session. If there is a MITM, the endpoints are not what the distal endpoints (Alice & Bob) might think.

RSA-certs as administered by Verislime have very little meatspace linkage --you can't sue Verislime if their signed-claims about a meatspace entity are untrue, and the certholder ran off with your money, or if the cert was copied and your DNS cache poisoned.

Similarly, publishing an RSA public key and email address does not guarantee anything. And since trust is *not* transitive, the so-called "web of trust" does little to help, because your personally trusted associates may have been compromised.

And of course single meatspace entities may have several RSA keys which others do not know have a common user.
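
An added example, not part of the original post, of the point about DH by itself: each end keeps one constant peer for the session, but with a party in the middle that peer is not who Alice and Bob think it is. The toy modulus, the `Endpoint` class and the out-of-band fingerprint comparison are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy group for illustration only (constructed; far too small for real use).
P = 2**127 - 1
G = 3

class Endpoint:
    """One end of a link: an ephemeral DH key pair that exists for one session."""
    def __init__(self):
        self.priv = secrets.randbelow(P - 3) + 2
        self.pub = pow(G, self.priv, P)

    def session_key(self, peer_pub):
        # Same peer_pub for the whole session -> same key: the peer is constant,
        # but nothing here says WHO holds the matching private value.
        shared = pow(peer_pub, self.priv, P)
        return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def fingerprint(key):
    """Short digest of a session key, suitable for reading out over another channel."""
    return hashlib.sha256(b"fp" + key).hexdigest()[:16]

def run_session(interposed):
    """Return (alice_key, bob_key, middle_keys) for one unauthenticated exchange."""
    alice, bob = Endpoint(), Endpoint()
    if not interposed:
        return alice.session_key(bob.pub), bob.session_key(alice.pub), None
    # A middle party answers each side with its own public value.
    to_alice, to_bob = Endpoint(), Endpoint()
    k_alice = alice.session_key(to_alice.pub)
    k_bob = bob.session_key(to_bob.pub)
    middle = (to_alice.session_key(alice.pub), to_bob.session_key(bob.pub))
    return k_alice, k_bob, middle

def endpoints_match(k_alice, k_bob):
    """Check made outside the DH channel: do both ends hold the same key?"""
    return fingerprint(k_alice) == fingerprint(k_bob)

if __name__ == "__main__":
    for interposed in (False, True):
        ka, kb, _ = run_session(interposed)
        print("interposed" if interposed else "direct",
              fingerprint(ka), fingerprint(kb), endpoints_match(ka, kb))
```

In the interposed run both ends still complete the exchange and see a stable peer; only the comparison made outside the channel shows that the two ends of the link are not each other.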