On 29/11/15 21:32, U.Mutlu wrote:
> I wonder if it can be possible, at least theoretically, to have a
> MITM-secure internet channel without the use of PKI and/or
> persistent password

If by "without the use of X" you mean "without any further human input", this 
is impossible. (That is the simplest way to interpret your question, and I 
think it's the most appropriate way too.)

The underlying problem is to check that a key (cryptographic identifier) is 
actually controlled by the same entity as a "real world" identifier. This is not 
something that can be proved *only* through pure mathematics or cryptography; 
one needs some sort of human input *at some stage* to tell the software system 
"you may assume key A <-> uid B", or (preferably) a simpler and less ambiguous 
piece of information (a) that allows the software to eventually deduce this.

More complex PKI systems can reduce the amount of human input that is needed. 
For example, "master keys" can reduce the number of subkeys of my contact that 
I have to verify (b). The original idea of the web of trust was to use your 
friends' inputs as well as your own (c). Public transparency systems (d), such 
as CT or blockchains, try to use inputs from everyone across the world to reduce 
the risk of forged inputs.

The way I see it, it would be nice if:

(a) the human part of this process is minimised, and reduced down to exact 
instructions, e.g.: "I physically witnessed my contact, {X := unambiguous 
description of contact} confirm that private-key B belongs to them" and "I 
witnessed a public-key operation from B that confirms {X} is the same entity as 
them" rather than "I have checked this key carefully" which is impossible to do 
further reasoning on.
(b) there were nicer and more efficient UIs to do this in a more unified way 
across applications (i.e. that let me verify more keys in less time)
(c, d) future research could formalise more precise logics for these solutions, 
that actually quantifies the threats involved, and how these solutions reduce 
those threats. At the moment all solutions in this area are basically 
hand-waving and asserting "we are more secure because we have more data". 
That's reasonable, but we don't really have an idea *how* reasonable. 

I haven't heard of any research that explores these lines in detail, but I 
haven't looked into the existing literature in this area too deeply.

X

-- 
GPG: 4096R/1318EFAC5FBBDBCE
git://github.com/infinity0/pubkeys.git
_______________________________________________
Messaging mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/messaging
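The "exact instructions" in point (a) can be made machine-checkable. The following is an added example (mine, not part of the message above and not code from any real PKI or web-of-trust software; the record types, the names and the `quorum` parameter are assumptions made for illustration). It encodes the two statements the message proposes as data rather than as "I checked this key carefully", accepts such statements from trusted friends the way a web of trust would (c), extends a verified master key to the subkeys it certifies (b), and requires a configurable number of independent witnesses before a binding is accepted, which is one crude way of putting a number on the "more data is more secure" claim in (d).

```python
"""Toy binding logic over structured key <-> identity statements.

Added example; not from the original message or any real protocol.
Record types, names and the `quorum` parameter are assumptions for
illustration only.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Witnessed:
    """`witness` physically saw `uid` confirm control of private key `key`."""
    witness: str
    uid: str
    key: str


@dataclass(frozen=True)
class SawKeyOp:
    """`witness` verified a public-key operation by `key` that names `uid`."""
    witness: str
    key: str
    uid: str


@dataclass(frozen=True)
class Certifies:
    """A verified signature by `signer_key` over `subject_key` (master -> subkey)."""
    signer_key: str
    subject_key: str


@dataclass(frozen=True)
class Trusts:
    """`truster` accepts statements made by `witness` (web-of-trust input)."""
    truster: str
    witness: str


Binding = Tuple[str, str]  # (uid, key)


def derive_bindings(me: str, statements: List[object], quorum: int = 1) -> Dict[Binding, str]:
    """Return {(uid, key): explanation} for each binding `me` may assume.

    Rule 1: (uid, key) is directly established when at least `quorum`
            distinct trusted witnesses made BOTH a Witnessed and a SawKeyOp
            statement for it. A lone in-person record or a lone key
            operation is not enough, and quorum > 1 means a single forged
            input cannot create a binding on its own.
    Rule 2: if uid controls K and K certifies K2, then uid controls K2.
    """
    trusted = {me} | {s.witness for s in statements
                      if isinstance(s, Trusts) and s.truster == me}
    physical: Dict[Binding, Set[str]] = {}
    keyops: Dict[Binding, Set[str]] = {}
    for s in statements:
        if isinstance(s, Witnessed) and s.witness in trusted:
            physical.setdefault((s.uid, s.key), set()).add(s.witness)
        elif isinstance(s, SawKeyOp) and s.witness in trusted:
            keyops.setdefault((s.uid, s.key), set()).add(s.witness)

    derived: Dict[Binding, str] = {}
    for binding in physical.keys() & keyops.keys():
        both = physical[binding] & keyops[binding]
        if len(both) >= quorum:
            derived[binding] = f"witnessed in person and via key operation by {sorted(both)}"

    # Rule 2 as a fixpoint so chains master -> subkey -> sub-subkey resolve.
    certs = [s for s in statements if isinstance(s, Certifies)]
    changed = True
    while changed:
        changed = False
        for (uid, key), why in list(derived.items()):
            for c in certs:
                if c.signer_key == key and (uid, c.subject_key) not in derived:
                    derived[(uid, c.subject_key)] = f"certified by {key}, which is {why}"
                    changed = True
    return derived


# Constructed sample input (not real keys or people).
STATEMENTS = [
    Witnessed("me", "alice@example.org", "A1"), SawKeyOp("me", "A1", "alice@example.org"),
    Witnessed("carol", "alice@example.org", "A1"), SawKeyOp("carol", "A1", "alice@example.org"),
    Certifies("A1", "A1-enc"),                       # master key A1 certifies its subkey
    Witnessed("carol", "bob@example.org", "B1"),     # carol never saw a key op from B1
    Witnessed("erin", "bob@example.org", "B1"), SawKeyOp("erin", "B1", "bob@example.org"),
    Witnessed("dave", "bob@example.org", "B2"), SawKeyOp("dave", "B2", "bob@example.org"),
    Trusts("me", "carol"), Trusts("me", "erin"),     # dave is not trusted by me
]

if __name__ == "__main__":
    for q in (1, 2):
        print(f"quorum={q}")
        for (uid, key), why in sorted(derive_bindings("me", STATEMENTS, q).items()):
            print(f"  {uid} <-> {key}: {why}")
```

With quorum=1 the sample yields alice<->A1, alice<->A1-enc (via the certification) and bob<->B1 (erin alone); raising quorum to 2 drops bob<->B1, carol's in-person-only record never counts, and dave's statements are ignored because nobody trusts him. The explanation strings are the point: every accepted binding carries the exact statements it rests on, so a later, more precise logic could be run over them.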
