On Jan 23, 2015, at 6:37 PM, U.Mutlu <[email protected]> wrote:
>
> Why am I wrong? Where is your argument?

Several people have replied to you and presented arguments which you have either ignored or misunderstood.

Michael mentioned:

> Without PKI it’s a duckling model at best, and you don’t log into every
> website every time with a password.

Tony pointed out:

> These aren't MITM safe. They're TOFU. They have no way to authenticate the
> server.
>
> When you enroll a PAKE account, if you're talking to a MITM server, you're
> toast. The MITM can then enroll with the real service on your behalf and
> transparently proxy everything through, except the MITM will have the real
> credentials, and your credentials will only work with the MITM.

Your reply to him didn't address the argument he was making, possibly indicating that you probably misunderstood what he was saying about TOFU (trust-on-first-use).

Cheers,
Greg

--
Please do not email me anything that you are not comfortable also sharing with the NSA.

> Tony Arcieri wrote, On 01/24/2015 03:28 AM:
>> On Fri, Jan 23, 2015 at 6:22 PM, U.Mutlu <[email protected]> wrote:
>>
>>> So, this is a safe & secure method.
>>
>> No, you're wrong, it's not, but please move this discussion to a more
>> appropriate mailing list and I'll continue the discussion.
>
> Why am I wrong? Where is your argument?
> This is basic maths everyone can verify him-/herself.
>
> And, I'm on-topic for this list, as it is about messaging.
> If you don't like the discussion under this topic, then it is you who should
> move along to other topics or lists...
>
> cu
> Uenal
>
>
> _______________________________________________
> Messaging mailing list
> [email protected]
> https://moderncrypto.org/mailman/listinfo/messaging
