Matthew Toseland wrote: > We're assuming different attack models here. Both are valid for certain > assumptions.
Fair point - I accept that if you assume the exchange is unobservable, a one-way invite can provide mutual authentication. But IMHO we shouldn't make that assumption - eavesdropping is known to be widespread, whereas at least we're still in the dark about the extent of active MITM. ;-) Cheers, Michael
