So, in summarizing the replies so far: it is not possible without a central authority, or an a priori shared secret, or PKI certificates.
Ok, let's say the only missing link here is just a missing shared secret, ie. a password. If that were given then it will function. Now, going a step further: is it not possible to exchange a temporary password (OTP) on-the-fly during the protocol in a secure way with the other party? That is, one would need to embed such an algorithm into the protocol. Could for example the Interlock Protocol not be used for this? Or maybe in a combination with SMP? As said, the task is "just" to create and exchange on-the-fly an ephemeral secret between the parties. -- U.Mutlu _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
