- From: Joseph Reagle <reagle@w3.org>
- Date: Thu, 4 Apr 2002 23:00:19 -0500
- To: Aaron Swartz <me@aaronsw.com>, RDF-Interest <www-rdf-interest@w3.org>
On Thursday 04 April 2002 22:51, Aaron Swartz wrote: > MITM can occur in the static document scenario, if you imagine the Man > sitting at your ISP, slyly rewriting all the crypto that comes thru. (I > admit, this is a very paranoid scenario.) The attack here would be to > feed you (seemingly signed) documents that the real person never signed. Yep, sounds we're violently disagreeing. It's the same problem, just that MITM is typically used to demonstrate the further problem that just because you have some level of interactivity with the actual recipient, that still doesn't prove that you have the right key. -- Joseph Reagle Jr. http://www.w3.org/People/Reagle/ W3C Policy Analyst mailto:reagle@w3.org IETF/W3C XML-Signature Co-Chair http://www.w3.org/Signature/ W3C XML Encryption Chair http://www.w3.org/Encryption/2001/
Received on Thursday, 4 April 2002 23:00:20 UTC