Re: What will incentivize deployment of explicit proxies?

In message <34ada50c72b7ec498dd9745d59b4c3be.squirrel@arekh.dyndns.org>, "Nicolas Mailhot" writes:

>That's where e2e integrity comes into play (and as an end-user I'd
>like to have it too). Besides, that's a major part of reassuring users
>nothing fishy is going on behind their back.

And as usual, once you start pulling on a single loose thread, you
find out that it's tied to all the turtles:

What good is e2e integrity, if you don't know who the other 'e' is ?

All you can know without e2e authentication is that you have some
cryptographic property (privacy/integrity/whatever...) all the way
to the node where the (first!) MITM attack is implemented.

Unless you use a Pre Shared Key, there are only three levels of security:

1. Plaintext.

2. Obfuscated to keep trivial tcpdump/snort snoopers out of the loop.

3. Authenticated.

If you want more than #2, you need to fix #3, and that I believe is
waaay beyond this WG.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

Received on Thursday, 12 December 2013 16:15:01 UTC
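
The point about integrity only reaching the first intermediary can be shown in a few lines. This is an added example, not part of the original message: the toy Diffie-Hellman group, the `client_connect` function and the pinned-fingerprint check (standing in for whatever authentication mechanism is used) are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, constructed for this example; far too small for real use.
P = 2**127 - 1
G = 3

def keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()

def tag(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def fingerprint(pub):
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()

# The real server's long-term key pair (hypothetical server).
SERVER_PRIV, SERVER_PUB = keypair()

def client_connect(relay_in_path, pinned_fp=None):
    """One handshake plus one integrity-protected message, seen from the client."""
    c_priv, c_pub = keypair()
    if relay_in_path:
        # An intermediary answers the handshake with its own key.
        far_priv, offered_pub = keypair()
    else:
        far_priv, offered_pub = SERVER_PRIV, SERVER_PUB
    # Authentication step: compare the offered key with one learned out of band.
    if pinned_fp is not None and not hmac.compare_digest(
            fingerprint(offered_pub), pinned_fp):
        return {"accepted": False, "integrity_ok": False, "peer_is_server": False}
    msg = b"GET / HTTP/1.1"  # constructed sample message
    near = tag(session_key(c_priv, offered_pub), msg)   # computed by the client
    far = tag(session_key(far_priv, c_pub), msg)        # computed by the far end
    return {"accepted": True,
            "integrity_ok": hmac.compare_digest(near, far),
            "peer_is_server": offered_pub == SERVER_PUB}

if __name__ == "__main__":
    print("no relay, no auth :", client_connect(False))
    print("relay, no auth    :", client_connect(True))
    print("relay, pinned key :", client_connect(True, fingerprint(SERVER_PUB)))
```

Without the pin, the integrity check passes in both of the first two runs, so the client cannot tell them apart; only the authenticated run rejects the substituted key.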