On Fri, 2015-02-13 at 16:16 -0800, Steve Langasek wrote:
> On Fri, Feb 13, 2015 at 09:19:29AM +1000, Russell Stuart wrote:
> > On Thu, 2015-02-12 at 10:57 -0800, Steve Langasek wrote:
> > > I'm surprised no one else has brought up this point yet: part of the reason
> > > for using cryptographic PKI (web of trust; SSL CAs; etc) is to eliminate
> > > man-in-the-middle attacks.
> >
> > Ah, but you see that is one of the beauties of proof of work. It is
> > almost immune to MITM attacks.
>
> No, your so-called "proof of work" provides no protection at all against the
> MITM attack I outlined.

I don't understand; can you explain your reasoning to me?

Just so you understand my reasoning: a man in the middle requires a key exchange to happen. Usually just one, when the man sits in the middle. This is what makes the scenario I proposed (the one you dismissed as a nonsensical strawman) possible, even easy. The attacker just has to do it once, at a place, time and people he chooses. It's because he gets to choose that the "weakest link" argument comes into play. For example if he had to do it during a yearly keysigning session at Debconf with a lot of other DDs watching on, then it becomes much harder. Indeed many on the thread have made much of the fact that it would be well nigh impossible. They are right - it probably is, but they are also wrong because the attacker gets to choose the time and place - not them. He won't choose the hard place to do it - he will choose the easiest.

In contrast proof of work is usually done over a long time, each signed unit of work adding to the confidence level. So there are many exchanges. Further, these happen in public, meaning Debian publishes each unit. Thus it is easy for the sender to verify there wasn't a man in the middle when it was sent: he just verifies it's his on the published work. Now it is true his checking can also be MITM'ed, but it is well nigh impossible to pull off. The attacker has to intercept every incoming email, ftp and web download over the six or twelve months the proof is being built up.

Proof of work has a nice side effect of shifting the workload involved in defending against a MITM attack from Debian to the person trying to enter the project. In other words you don't need a room full of DDs to fly into one place during the year to prevent the MITM attacks, because under proof of work the person trying to enter Debian does the checking. The incentive to do the checking is strong because if he doesn't check it's possible someone else is taking credit for it - making all the effort he put in worthless.

I'll summarise. In the WoT and its variants, the MITM attacker does it once, and gets to choose the time, the place and the people he must fool. Because there are so many possible combinations, inevitably in a project such as Debian there will be combinations that are each easy to exploit. In proof of work the MITM attack must be repeated often, must be successful every time, it happens over a period of months, the place presumably varies a lot, and he doesn't get to choose who he will fool - it must be the applicant, and the applicant is highly motivated to prevent it.

If my reasoning has gone haywire somewhere I'd really appreciate someone explaining it to me.