Hi all,
SRP and OTR+SMP are IMO good examples for MITM-safe online protocols.
But they require prior key exchange (ie. a persistent password or PKI
certificates).
I wonder if it can be possible, at least theoretically, to have a
MITM-secure internet channel without the use of PKI and/or
persistent password (ie. w/o authentication, like in the telephone network)?
Of course the communication must be encrypted against passive MITM,
and must also detect active MITM.
Does anybody know of such a protocol, info, papers etc.?
--
Thx
U.Mutlu
_______________________________________________
Messaging mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/messaging
