Re: Think Piece: Key Free Trust in the Semantic Web

On Thursday 04 April 2002 22:51, Aaron Swartz wrote:
> MITM can occur in the static document scenario, if you imagine the Man
> sitting at your ISP, slyly rewriting all the crypto that comes thru. (I
> admit, this is a very paranoid scenario.) The attack here would be to
> feed you (seemingly signed) documents that the real person never signed.

Yep, sounds like we're violently disagreeing. It's the same problem, just that
MITM is typically used to demonstrate the further problem that just because 
you have some level of interactivity with the actual recipient, that still 
doesn't prove that you have the right key.


-- 

Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature/
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/

Received on Thursday, 4 April 2002 23:00:20 UTC