-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi Michael, On 03/12/2014 08:47 PM, Michael Richardson wrote: > The part that we are all discussing is determining how (much) to > trust the DH results. I don't think that's a very accurate characterisation to be honest. I think the most relevant (but intertwined) factors are: - - trading off ease of deployment vs. endpoint authentication - - trading off protection against passive vs active attack - - better separating key exchange from endpoint authentication so that traditional authentication or TOFU or whatever can be used before during or after key exchange S. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) iQEcBAEBAgAGBQJTIMkuAAoJEC88hzaAX42iNbgH/2zx/K+XLC1j17iDnCmK4Kn6 mZGTrtpYf2EiAquYoS0fb2iZ8Ni7G3SV/HeUvohdT2SdhzzJ1nfxX93FHdQi0TV5 /slo1yikxtalAmxOJJQutxeXqQFd8J50uoDHfFt0qa25ph6PU5Nb7ICpONQzbfCM i6oOuh8/qY7746S51DC1a8A0FsqdhWktcEwa+sxmh9aLImmCTrSfx4lHoCMFxowO vE7tYngzifAKV5KWdC6n7UJFgXTniVGgcEpLSplN4oXMJz2Mh8dHg+Yk8aORPCq9 lBE4j3b5BWWi7U1wTcYmPQHy9GwTg2ApzhBoHCKycfmoXVIHvR1EunAo3JrATmk= =Tvs/ -----END PGP SIGNATURE----- _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
