[messaging] MITM-safe communication w/o authentication possible?
for-gmane at mutluit.com
Sun Nov 29 14:11:40 PST 2015
So, in summarizing the replies so far: it is not possible
without a central authority, or an a priori shared secret,
or PKI certificates.
Ok, let's say the only missing link here is just a missing shared secret,
ie. a password. If that were given then it will function.
Now, going a step further: is it not possible to exchange
a temporary password (OTP) on-the-fly during the protocol
in a secure way with the other party?
That is, one would need to embed such an algorithm into the protocol.
Could for example the Interlock Protocol not be used for this?
Or maybe in a combination with SMP? As said, the task is "just"
to create and exchange on-the-fly an ephemeral secret between the parties.
More information about the Messaging