Firewall Wizards mailing list archives
Re: Privacy (Was Re: Rant (Was Re: ...FTP...))
From: "Ryan Russell" <Ryan.Russell () sybase com>
Date: Wed, 21 Apr 1999 19:07:23 -0700
<dleblanc () mindspring com> wrote:I also think we're going to lose much of the anonymity we currently have as we move forward.OK, I'll bite. I agree with you to a limited extent, but don't protocols such as the initial Diffie-Helman (which provided key establishment, really, without authentication) provide a sort of anonymity? Sure, with anonymity one is subject to MITM attacks, etc., but it can be done.
All crypto protocols are susceptible to MITM, unless some sort of information has previosuly been exchanged, securely.
There are schemes being developed (although I know personally of no widespread deployment) for anonymous purchasing transactions.
Be careful with the word "anonymous" there. SET allows for anonymity between certain parties, but not complete anonymity. It may be possible to implement some sort of e-cash that is truly anonymous except when it's being purchased.. unless the e-cash minter allows people to walk up with cash and walk off with a floppy full of e-cash. The allows the consumer to be anonymous, which is what we care about, but not the minter.
My question is: is there a benefit to deploying a system where we can provide anonymity, but still authenticate?
Sure, it's possible to set up an encrypted connection with an anonymous somebody... them, and every man in the middle along the way. But hey, they're anonymous people, too.
That is, can I send a message to a list, for example, as "Joe Blow", which is not my real name :-), but still provide, say, a certificate in the name of Joe which assures the readers that I am Mr. Blow?
Certificates have the most value when they represent a set of policies that indicate the certificate issuer performs some set of steps to verify identity. Anyone can be a CA, and even Verisign offers it's lowest-form of personal certificate that amounts to no checking. The problem with the Joe Blow cetificates is that you have no incentive to keep them safe. You don't care if they get stolen or even if you give them away. Smart people will ignore those kind, stupid people may be fooled by them.
Is there a benefit in that (or in other anonymity for that matter)?
For the anonymous party.
I can do this now by getting a certificate from Thawte in any name I want to. Presumably I can do that from other CA's too. Maybe we can even create a special CA for "certificates of anonymity". This would allow the secure transfer of files (as mentioned in the message which started this thread) and allow the provider of the file to contact the anonymous "accesser" securely, without ever revealing anyone's identity.
It's the other end's certificate that give you security, and vice-versa. If you're looking to initiate a secure transfer, it's the other guy's certificate that matters. If the other guy is trying to initate a connection to you, he can't be sure that he's talking to who he wanted, because the anonymous certificates are worthless. This is all layer-7 anonymity, anyway. As long as layer-3 isn't anonymous, the above one don't much matter. I guess I should give my $.02, which has it's problems, too. My solution to being anonymous is to work for a large company with lots of Internet connections and address space, and run the firewalls and other logging devices. If someone at another site sees something that appears to be from my site, they have to come to me to verify it, or at least to ask who behind my firewall did it (we do many-to-one NAT.) I can always plead ignorance. Phear evil firewall admins. Ryan P.S. Lest anyone think I really do this.. I don't. I deal with other sites honestly.. and yes, my users DO sometimes pull stupid user tricks that I have to explain when they show up in other's logs. The point is, you're stuck taking my word for it.
Current thread:
- Privacy (Was Re: Rant (Was Re: ...FTP...)) John McDermott (Apr 21)
- Re: Privacy (Was Re: Rant (Was Re: ...FTP...)) Adam Shostack (Apr 22)
- <Possible follow-ups>
- Re: Privacy (Was Re: Rant (Was Re: ...FTP...)) John McDermott (Apr 22)
- Re: Privacy (Was Re: Rant (Was Re: ...FTP...)) Ryan Russell (Apr 22)