Jeffrey Walton wrote:
How do we teach developers to differentiate between the good
"men-in-the-middle" vs the bad "man-in-the-middle"?
According to another post by Peter, good ones would be based on
anonymous D-H.
Perhaps they should be using the evil bit in the TCP/IP header to
indicate someone (or entity) is tampering with the secure channel?
https://tools.ietf.org/html/rfc3514.
That's an April 1st RFC!
Oh, maybe this whole thread is a bit in advance with the calendar.
More seriously, I agree that the questions raised by Jeffrey are
relevant, and I support his main point. End-to-end security should make
some sense, even today.
Regards,
--
- Thierry Moreau
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
