As an extension of the man-in-the-middle issue, how do you establish trust in the first place (i.e. how do you know who the other end is)?
Yeah, that's basically what I was thinking about this morning. If you want to talk to a complete stranger, you can't possibly know if you're talking to the right stranger without relying on someone else telling you "Yeah, that's the right guy."
Securely communicating with a random stranger is not useful. Since you don't know who they are, you have no idea what they are doing with your communication.
Well, yes, if they're a complete stranger you've got no clue what they're doing with the information you're sending them. But I was more interested in whether or not the sending and receiving of messages can be secure or not.
As a more concrete example: you find a website selling high-end laptops for $100 each. You are naturally cautious, but their order form has an SSL certificate. If the order form is secure, it must be safe to order, right?
Seems legit. Ha, nice example.
It is entirely possible to communicate securely without a friend, you should read more about cryptography.
Ooo, interesting. If there's a book that is a "light read" and explains things in simple English then I'd definitely be interested, if you know of any. On the other hand, if the only books covering that stuff are full of technical and algorithmic detail I'd probably rather just have someone explain it to me like I'm 4 :)
Man in the middle attacks can be detected with modern day cryptography, and it is possible to authentic that who you are talking to is indeed who you intend to talk to. Is this 100% full proof? No.
Can you elaborate on what kind of attacks we're still vulnerable to?