Re: Think Piece: Key Free Trust in the Semantic Web

At 09:51 PM 4/4/02 -0600, Aaron Swartz wrote:
>MITM can occur in the static document scenario, if you imagine the Man
>sitting at your ISP, slyly rewriting all the crypto that comes thru. (I
>admit, this is a very paranoid scenario.) The attack here would be to feed
>you (seemingly signed) documents that the real person never signed.

What I think is interesting about Joseph's proposal is that however 
paranoid you may be, it's difficult to believe that an attacker has 
compromised every information source in the Internet, or even a significant 
majority of them.  If you believe that, then I think you might as well give 
up on any form of security.

I think the most pernicious attack is one in which one's "usual" processing 
platform is compromised:  whatever security may exist to the outside world, 
information presented to the operator cannot be checked.  I think trust in 
one's local platform is pretty much a prerequisite for any security.

#g


-------------------
Graham Klyne
<GK@NineByNine.org>

Received on Saturday, 6 April 2002 04:15:47 UTC