BLIND: A Complete Identity Protection Framework for End-Points (Transcript of Discussion)
In the JFK paper we made the kind of throw away assertion, a very trivial assertion, that the reason that you can’t have identity protection for both parties in the presence of an active attack is that someone has to reveal their identity first, unless you know something about each other that’s secret in advance. Assuming certificates and so on is themeans for identification, someone has to identify first, you can’t say, I’ll only tell you who I am if you tell me who you are.
Now that was an assertion of a trivial fact rather than a proof. I’m wondering if you believe, under the assumptions we had, that that was true?