- From: Graham Klyne <GK@ninebynine.org>
- Date: Sat, 06 Apr 2002 07:29:29 +0100
- To: Aaron Swartz <me@aaronsw.com>
- Cc: "Joseph M. Reagle Jr." <reagle@w3.org>, RDF-Interest <www-rdf-interest@w3.org>

At 09:51 PM 4/4/02 -0600, Aaron Swartz wrote:
>MITM can occur in the static document scenario, if you imagine the Man
>sitting at your ISP, slyly rewriting all the crypto that comes thru. (I
>admit, this is a very paranoid scenario.) The attack here would be to feed
>you (seemingly signed) documents that the real person never signed.

What I think is interesting about Joseph's proposal is that however paranoid you may be, it's difficult to believe that an attacker has compromised every information source in the Internet, or even a significant majority of them. If you believe that, then I think you might as well give up on any form of security.

I think the most pernicious attack is one in which one's "usual" processing platform is compromised: whatever security may exist to the outside world, information presented to the operator cannot be checked. I think trust in one's local platform is pretty much a prerequisite for any security.

#g

-------------------
Graham Klyne
<GK@NineByNine.org>

Received on Saturday, 6 April 2002 04:15:47 UTC