You realise, of course, that encrypted traffic between unvalidated hosts gives you no guarantee of security, as you cannot claim to be certain as to who you are encrypting the traffic for? If you do not validate the hosts at all, you cannot guarantee the security of the public key which is transferred over an open network. I.e. if I'm trying to establish a secure channel with machine B and I receive a public key, I cannot be sure this key is A) even from B in the first place, or that only myself and B know the key.
Iain
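
The host-validation step described above, as an added example that is not part of the original post: a received public key is accepted only if its fingerprint matches one pinned earlier. It assumes the pin was obtained over a separate trusted channel; the host name, key bytes and function names are hypothetical and constructed for illustration.

```python
import base64
import hashlib
import hmac


def fingerprint(public_key: bytes) -> str:
    """SHA-256 fingerprint of the raw key bytes, base64 without padding."""
    digest = hashlib.sha256(public_key).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def check_host_key(host: str, presented_key: bytes, pins: dict) -> str:
    """Classify a key received over the open network.

    'trusted'  - fingerprint matches the pin for this host
    'mismatch' - a pin exists but the presented key differs
    'unknown'  - no pin at all, so the key's origin cannot be established
    """
    expected = pins.get(host)
    if expected is None:
        return "unknown"
    if hmac.compare_digest(expected, fingerprint(presented_key)):
        return "trusted"
    return "mismatch"


# Constructed sample data: stand-ins for real public key blobs.
KEY_B = b"constructed-public-key-of-machine-B"
KEY_OTHER = b"constructed-public-key-of-someone-in-the-path"

# Assumption: B's fingerprint was recorded out of band beforehand.
PINS = {"machine-b.example": fingerprint(KEY_B)}

if __name__ == "__main__":
    for label, key in (("B's key", KEY_B), ("other key", KEY_OTHER)):
        with_pin = check_host_key("machine-b.example", key, PINS)
        without_pin = check_host_key("machine-b.example", key, {})
        print(f"{label}: with pin={with_pin}, without pin={without_pin}")
```

Without a pin both keys come back as `unknown`: nothing in the key itself says who sent it, which is the point made in the post.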
