On 2009-03-03 at 13:12 -0800, Michael G Schwern wrote: > Phil Pennock wrote: > > On 2009-03-03 at 00:00 -0800, Michael G Schwern wrote: > >> Phil Pennock wrote: > >>> On 2009-03-02 at 18:36 -0800, Michael G Schwern wrote: > >>>> Tony Finch wrote: > >>>>> On Mon, 2 Mar 2009, Francisco Olarte Sanz wrote: > >>>>>> I think the point made by the original poster is valid, if you use a > >>>>>> encrypted unauthenticated connection you cannot just be sniffed, you > >>>>>> need to be subject to a MITM or similar attack. > >>>>> That's so difficult! > >>>> Yes, MITM is difficult. > >>> Bull. Go ahead and install dsniff, read the man-pages for the utilites > >>> that software provides. > >>> > >>> You're spewing forth crap and are too ignorant to realise it. > > > >> The sorts of things dsniff can do is easily defeated by an "am I talking to > >> the same ident as last time" system like ssh uses. > > > > Please stop straw-manning the argument. "Same ident as last time" is > > not unauthenticated. > > When I say "encryption tangled with identification" I mean SSL style. Not > just ssh style "you're the guy I talked to last time" which is cheap, but > "you're Joe Bank, owner of joebank.com" which is expensive. Recall that this > started out as a rant against the SSL cert trust process. > > I don't know why you'd eliminate the "you're the guy I talked to last time" > part. Its easy, its cheap, it solves 80% of the problem. If you thought I > was advocating eliminating that, no wonder you thought I'm an ignorant idiot. > > Now I trust the thread makes a lot more sense?
Your ability to switch arguments and claim that someone who countered your previous argument must have been trying to argue against your new position is truly remarkable. Look further up in the text which is still quoted. Look back at what you wrote but is no longer quoted (I had trimmed it): } Yes, MITM is difficult. Especially compared to the ease of sniffing } unencrypted packets at J Random Internet cafe which any idiot with tcpdump or } Wireshark can do. This in the context of what Francisco wrote, which is still quoted above; he said encrypted unauthenticated was better because you'd need to be subject to MITM. Tony made a sarcastic comment, you then defended the encrypted unauthenticated position by noting how difficult you believe MITM to be. You truly are unable to have a rationale debate, using logic, without resorting to the use of various underhanded logical fallacies to try to worm your way out of your mistakes or to denigrate anyone who says anything you disagree with. We're not morons. I fail to understand why you continue to try to get away with this crap. -Phil
