On Mon, Feb 3, 2014 at 2:18 PM, Brian E Carpenter <brian.e.carpenter@xxxxxxxxx> wrote:
On 04/02/2014 03:00, Bjoern Hoehrmann wrote:
...
>> Again, with either PGP or S/MIME (and X.509) with a self-signedI'm having difficulty understanding that assertion.Does your
>> cert or key, authentication is not needed to start using
>> encryption, only a (perhaps implicit) belief on the part of the
>> sender that, if the recipient can advertise a public key, it
>> probably has the private one and that the key-advertiser is not
>> the proverbial entity-in-the-middle.
>
> Without entities in the middle, encryption is unnecessary.
definition of "entity in the middle" include passive wire/fibre taps?
Brian
There are active attacks and passive attacks.
When we talk about man in the middle attacks we are usually talking about an active man in the middle who can change traffic.
A passive wire tap is not usually considered to be a 'man in the middle' attack.
--
Website: http://hallambaker.com/
Website: http://hallambaker.com/