On 04/02/2014 08:37, Phillip Hallam-Baker wrote:
> On Mon, Feb 3, 2014 at 2:18 PM, Brian E Carpenter <
> brian.e.carpenter@xxxxxxxxx> wrote:
>
>> On 04/02/2014 03:00, Bjoern Hoehrmann wrote:
>> ...
>>>> Again, with either PGP or S/MIME (and X.509) with a self-signed
>>>> cert or key, authentication is not needed to start using
>>>> encryption, only a (perhaps implicit) belief on the part of the
>>>> sender that, if the recipient can advertise a public key, it
>>>> probably has the private one and that the key-advertiser is not
>>>> the proverbial entity-in-the-middle.
>>> Without entities in the middle, encryption is unnecessary.
>> I'm having difficulty understanding that assertion.Does your
>> definition of "entity in the middle" include passive wire/fibre taps?
>>
>> Brian
>>
>
> There are active attacks and passive attacks.
>
> When we talk about man in the middle attacks we are usually talking about
> an active man in the middle who can change traffic.
>
> A passive wire tap is not usually considered to be a 'man in the middle'
> attack.
Agreed, but it was the assertion that without one, encryption
is unnecessary that puzzled me.
Brian