On Fri, Jan 23, 2015 at 6:00 PM, U.Mutlu <[email protected]> wrote:
> They are MITM safe. Basically one needs just DH + Key Authentication,
> for example H(DHkey,H(p)), whereby on server only H(p) is known and stored.
> This authenticates not only the client to the server, but implicitly
> also the server to the client, under the condition that the userDB
> on the server is secured against theft. And in my draft solution this
> is assured. Then we can forget about PKI wholly.

You're vaguely describing what Trevor calls Short Authentication Strings, but it would require a human on the server-side to verify them, which is ludicrously impractical for the open Internet.

That said, Trevor has said this discussion is OT for this list. Perhaps consider reposting this to [email protected] instead.

--
Tony Arcieri
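The following is an added illustration of the quoted "DH + key authentication" idea, written for this thread and not code from either poster. It instantiates H(DHkey, H(p)) as an HMAC keyed with the DH output over the stored H(p) (with a role label so the two directions differ; both the HMAC choice and the label are assumptions), uses a constructed toy DH group far too small for real use, and simulates the honest exchange, a wrong password, an in-path attacker without H(p), and an attacker who holds a stolen copy of the userDB, which is exactly the condition the quoted text attaches to the claim.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Constructed toy DH group (a Mersenne prime) chosen only to keep the arithmetic
# visible; it is insecure. A deployment would use a standard MODP group or X25519.
P = 2**61 - 1
G = 2
KEY_BYTES = 8  # every value below P fits in 8 bytes


def h(*parts: bytes) -> bytes:
    """Plain hash H(.) over the concatenation of its inputs."""
    return hashlib.sha256(b"".join(parts)).digest()


def enroll(password: str) -> bytes:
    """The server's user record: only H(p) is stored, as in the quoted proposal."""
    return h(password.encode())


def dh_keypair() -> Tuple[int, int]:
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def dh_shared(priv: int, peer_pub: int) -> bytes:
    return pow(peer_pub, priv, P).to_bytes(KEY_BYTES, "big")


def auth_tag(dh_key: bytes, hp: bytes, role: bytes) -> bytes:
    """Key-authentication value H(DHkey, H(p)), instantiated (assumption) as
    HMAC keyed with the DH key; the role label separates the two directions."""
    return hmac.new(dh_key, hp + role, hashlib.sha256).digest()


class Party:
    """One endpoint of the exchange; hp is None if it does not know H(p)."""

    def __init__(self, hp: Optional[bytes]):
        self.hp = hp
        self.priv, self.pub = dh_keypair()
        self.key: Optional[bytes] = None

    def derive(self, peer_pub: int) -> None:
        self.key = dh_shared(self.priv, peer_pub)

    def tag(self, role: bytes) -> bytes:
        if self.hp is None:  # without H(p) the best an attacker can do is guess
            return secrets.token_bytes(32)
        return auth_tag(self.key, self.hp, role)

    def check(self, peer_tag: bytes, role: bytes) -> bool:
        if self.hp is None:
            return False
        return hmac.compare_digest(peer_tag, auth_tag(self.key, self.hp, role))


def handshake(client: Party, server: Party) -> Tuple[bool, bool]:
    """Direct DH followed by mutual tag check.
    Returns (server_accepts_client, client_accepts_server)."""
    client.derive(server.pub)
    server.derive(client.pub)
    return (server.check(client.tag(b"client"), b"client"),
            client.check(server.tag(b"server"), b"server"))


def handshake_mitm(client: Party, server: Party,
                   attacker_hp: Optional[bytes]) -> Tuple[bool, bool]:
    """An in-path party terminates both DH sessions and must produce the tags
    itself. Without H(p) both checks fail; with a stolen userDB entry both pass,
    which is why the quoted text conditions the claim on the userDB being safe."""
    facing_client = Party(attacker_hp)
    facing_server = Party(attacker_hp)
    client.derive(facing_client.pub)
    facing_client.derive(client.pub)
    server.derive(facing_server.pub)
    facing_server.derive(server.pub)
    return (server.check(facing_server.tag(b"client"), b"client"),
            client.check(facing_client.tag(b"server"), b"server"))


if __name__ == "__main__":
    hp = enroll("constructed-example-password")
    print("honest:", handshake(Party(hp), Party(hp)))
    print("wrong password:", handshake(Party(enroll("other")), Party(hp)))
    print("MITM without H(p):", handshake_mitm(Party(hp), Party(hp), None))
    print("MITM with stolen H(p):", handshake_mitm(Party(hp), Party(hp), hp))
```

The last case is the one to keep in view when evaluating the "forget about PKI" claim: the stored H(p) is the whole trust anchor, so the server's user database carries the same weight a private key would, and its protection (and the offline-guessability of H(p) for weak passwords) is what the design rests on.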
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
