I assume you're talking about confidentiality and authenticity. If all you care about is authenticity then you can proceed under the assumption that the channel /may/ be authentic and then later perform the authentication to retrospectively authenticate it. This is obviously "duh", but it's also how modern protocol negotiation works.
Matt On Jun 6, 2013, at 2:32 PM, Jonathan Katz <[email protected]> wrote: > Isn't it obvious? (I mean, there is some value in formalizing the model, but > still...) > > Consider authentication of A to B. If there is nothing distinguishing > (impersonator) Mallory from (honest) A, then anything A can do can also be > done by Mallory.
_______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
