[messaging] MITM-safe communication w/o authentication possible?
jbonneau at cs.stanford.edu
Sun Nov 29 13:35:15 PST 2015
On Sun, Nov 29, 2015 at 12:32 PM, U.Mutlu <for-gmane at mutluit.com> wrote:
> Hi all,
> Of course the communication must be encrypted against passive MITM,
> and must also detect active MITM.
If you want to detect, but not prevent, active MITM, there's the approach
of a central key server with a "transparency log" to ensure global
consistency. A MiTM attack fundamentally requires that the key server
returns inconsistent results, which you can try to make detectable.
CONIKS is a proposal for this:
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Messaging