Let me see if I understand correctly: Client takes its own public key and the server's public key and creates this signature.
MITM can take its public key and the client's public key and send the resulting signature to the server instead of forwarding what it received from the client.
Do pretty much the same exact thing: MITM PK + Server's PK -> Client. Now client has a signature as well. The signatures that client and server have are different but that is OK as long as MITM can see and change all communication.
It has been a while since I went through the details of the protocol, so I must be missing something. What is it?
> MITM can take its public key and the client's public key and send the resulting signature to the server instead of forwarding what it received from the client.
That's not possible, since the MITM doesn't know the client's private key (and using a different public key will be rejected by the server).
> Do pretty much the same exact thing: MITM PK + Server's PK -> Client. Now client has a signature as well. The signatures that client and server have are different but that is OK as long as MITM can see and change all communication.
You're confusing the Diffie-Hellman Key Exchange with the Public Key Authentication Method. When you MITM the key exchange, the shared secrets the client and server have are different (one side has a secret derived from the client and MITM keys, the other side has a secret derived from the MITM and server keys), but that works as long as the MITM can see and change all communication (basically, decrypting it and encrypting it again).
But since the secrets are different, the session identifier is also different. The MITM can't forward the signature from the client since the server will fail to verify it due to the mismatch in the session identifier; the MITM can't create a new signature with the client public key since it doesn't have the corresponding private key; and the MITM can't create a valid signature with its own public key (and the corresponding private key) since that key won't be in the authorized keys list for that user account in the server.
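To make the three failing attempts from the reply above concrete, here is an added toy model of the exchange (written for this thread; it is neither the commenter's code nor OpenSSH's implementation). Everything in it is a constructed simplification: the DH group (a Mersenne prime with generator 3, not an SSH group), textbook unpadded RSA built from Mersenne primes in place of a real SSH key type, and an exchange hash that covers only the DH values and the shared secret K. What it does reproduce faithfully is the structure the reply relies on: the session identifier is derived from K, the client signs the session identifier, and the server checks both that the key is authorized and that the signature verifies over the server's own session identifier.

```python
"""Toy model of why an SSH MITM cannot pass public-key user authentication.

Constructed example: the DH group, the textbook (unpadded) RSA keys built from
Mersenne primes, and the simplified exchange hash are for illustration only and
are NOT the real SSH parameters or OpenSSH code.
"""
import hashlib
import secrets

# Toy Diffie-Hellman group (constructed; real SSH uses e.g. RFC 3526 group14 or curve25519).
P_DH = 2**521 - 1
G_DH = 3


def dh_keypair():
    """Return (private exponent, public value) for one side of the exchange."""
    x = secrets.randbelow(P_DH - 2) + 1
    return x, pow(G_DH, x, P_DH)


def dh_shared(priv, peer_pub):
    """Shared secret K = peer_pub^priv mod p."""
    return pow(peer_pub, priv, P_DH)


def rsa_keypair(p, q):
    """Textbook RSA from two given primes (toy: no padding, no size checks)."""
    n = p * q
    e = 65537
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)


def rsa_sign(priv, msg):
    n, d = priv
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big") % n
    return pow(h, d, n)


def rsa_verify(pub, msg, sig):
    n, e = pub
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big") % n
    return pow(sig, e, n) == h


def session_id(client_dh_pub, server_dh_pub, shared):
    """Simplified SSH exchange hash H. The real H also covers the version
    strings, KEXINIT payloads and the host key; what matters here is that it
    depends on the shared secret K, so the two legs of a MITM get different H."""
    blob = b"%d|%d|%d" % (client_dh_pub, server_dh_pub, shared)
    return hashlib.sha256(blob).digest()


def userauth_message(sid):
    """Bytes the client signs in SSH_MSG_USERAUTH_REQUEST (simplified layout)."""
    return sid + b"|user|ssh-connection|publickey|toy-rsa"


def server_accepts(authorized_keys, sid_server, claimed_pub, sig):
    """Server-side check: the key must be authorized AND the signature must
    verify over the server's own view of the session identifier."""
    if claimed_pub not in authorized_keys:
        return False
    return rsa_verify(claimed_pub, userauth_message(sid_server), sig)


def run_scenario():
    client_pub, client_priv = rsa_keypair(2**61 - 1, 2**89 - 1)   # toy client identity key
    mitm_pub, mitm_priv = rsa_keypair(2**107 - 1, 2**127 - 1)     # toy MITM identity key
    authorized_keys = {client_pub}
    results = {}

    # Honest exchange: a single DH between client and server, one shared session id.
    c_x, c_e = dh_keypair()
    s_x, s_e = dh_keypair()
    sid = session_id(c_e, s_e, dh_shared(c_x, s_e))
    results["both_sides_agree"] = sid == session_id(c_e, s_e, dh_shared(s_x, c_e))
    results["honest"] = server_accepts(
        authorized_keys, sid, client_pub, rsa_sign(client_priv, userauth_message(sid)))

    # MITM: two DH exchanges, hence two shared secrets and two session ids.
    c_x, c_e = dh_keypair()
    m1_x, m1_e = dh_keypair()   # MITM's DH key towards the client
    m2_x, m2_e = dh_keypair()   # MITM's DH key towards the server
    s_x, s_e = dh_keypair()
    sid_client = session_id(c_e, m1_e, dh_shared(c_x, m1_e))
    sid_server = session_id(m2_e, s_e, dh_shared(s_x, m2_e))
    results["session_ids_differ"] = sid_client != sid_server

    client_sig = rsa_sign(client_priv, userauth_message(sid_client))
    # Attempt 1: forward the client's signature unchanged -> wrong session id on the server side.
    results["forwarded"] = server_accepts(authorized_keys, sid_server, client_pub, client_sig)
    # Attempt 2: sign the server-side session id and present the client's public key,
    # but only the MITM's private key is available -> verification fails.
    forged = rsa_sign(mitm_priv, userauth_message(sid_server))
    results["forged_as_client"] = server_accepts(authorized_keys, sid_server, client_pub, forged)
    # Attempt 3: a valid signature under the MITM's own key -> key not in authorized_keys.
    results["mitm_own_key"] = server_accepts(authorized_keys, sid_server, mitm_pub, forged)
    return results


if __name__ == "__main__":
    for name, outcome in run_scenario().items():
        print(f"{name}: {outcome}")
```

Running it shows the honest login accepted and all three MITM attempts rejected, each for the reason the reply gives: the session identifiers of the two legs differ, so the forwarded signature no longer matches; a signature made without the client's private key does not verify under the client's public key; and the one signature the MITM can make correctly is under a key the server has not authorized.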
That model breaks when you don't have perfect knowledge of whether or not you will perish. Therefore in every practical situation we are forced to assign a finite cost to risk. And generally people tend to prefer tiny increases to societal risk over compromising their personal comfort.
No, I believe that money successful humans as single units are extremely rational and cold calculating.
The problem is that this rationality is often centered on a single beneficiary (You) because why would you care about any other beneficiary?
However time and time again it turns out that no company is as evil as government. Hence I am an anarcho-capitalist.
On the whole even with every company only thinking about themselves, it is a distributed system self sustaining and self correcting. No single unit has unlimited power.
Historically it’s always the governments that are vastly more evil and chaotic than any private enterprise ever conceived.
And so we can see it now as another example from USA government. No company could ever get so corrupt and evil as current American elected officials.
You seem to tacitly acknowledge corporate America can also be evil, just not as evil as government can be? Why put corporate America on a pedestal at all then? Why content yourself with what you consider the lesser of two evils?
Demand accountability from your elected officials. It can be done by not electing them. You have no such agency over corporate America (short of boycotting, I suppose).
To my eye the U.S.'s highest elected official is in fact also a company.