ietf-openpgp

Re: Applicability of signed messages as proof of sending

2005-08-14 09:56:20

Ben Laurie wrote:

> Richard Laager wrote:
>
>> I'll admit that MITM attacks are rare and sophisticated,...
>
> I wish we could kill this myth that MitM is "rare and sophisticated". On wireless networks, they are common and trivial.


I don't think there is any myth that it is sophisticated
or trivial - it gets done many times at conferences of
hackers.  The claim that is made is that it is expensive.

As to whether it is common - the myth is easy to dispel
by presenting some facts.  Most times I've seen it claimed
it has turned out to be something else.

Got any?  Facts, not claims that is....  It would be an
enormous service to the developers to know how much
weight to put on MITM.  Right now, theory says none
because there is no case history.

> On wired networks they are easy for the network admins to mount. The practice is sufficiently commonplace that many corps have their own CA keys in employees' browsers so they can forge X509 certs.

Hmmm.  Is that the sole reason?  Or one of many reasons?

And how often do they conduct this attack?

> Keylogging is a _much_ harder attack to mount.


Doesn't seem to slow down the phishers much...

iang