On Thu, 27 Jun 2002, Marcel Popescu wrote: > Is there a defense against MITM for Diffie-Hellman? Is there another > protocol with equivalent properties, with such a defense? (Secure > communications between two parties, with no shared secret and no out-of-band > abilities, on an insecure network.)
What do you mean by no shared secret? The point of DH is that you get a shared secret. Check out MQV protocol for MITM defense and forward secrecy. It uses permenent public keys and ephemeral public keys for each session. In any protocol, the out-of-band check of the public keys is still a "good thing". Patience, persistence, truth, Dr. mike