<p dir="ltr"><br>
On 4 Dec 2015 23:49, "U.Mutlu" <<a href="mailto:for-gmane@mutluit.com">for-gmane@mutluit.com</a>> wrote:<br>
><br>
> Martin Dehnel-Wild wrote on 12/04/2015 09:58 PM:<br>
>><br>
>> Yes. Having a pre-shared public key definitely allows you to prevent MITM<br>
>> attacks. (Where by 'attack' I assume you mean 'the adversary learns the<br>
>> agreed key')<br>
><br>
><br>
> Yes, indeed that's what I mean by attacks.<br>
> But I have a hard time seeing how the use of a public key can help here,<br>
> because the public key is by definition known to everybody, so also to<br>
> the MITM, but then he can easily replace the encrypted message by his<br>
> own message encrypted with the same public key --> bingo!<br>
><br>
> Or, where is my lack of understanding here?<br>
><br>
> Thanks for the info and links below, I'm going to study them.</p>
<p dir="ltr">This is where you tell them to reply encrypted to your public key, inside the encrypted message, and sign it. So they got a message from somebody else? If they know you already, they'll see the signature failed. If they don't, you'll be the one who notices the total lack of response, and you'll try again until you get one (which is signed). </p>
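<p dir="ltr">An added example, not part of the original thread: it shows why a ciphertext made with a public key alone can be swapped by anyone who knows that key, and how checking a signature against the sender's pre-shared public key catches the swap. Assumptions: the names Alice, Bob and Mallory, the helper functions, and the keys are constructed for illustration; it uses textbook RSA without padding over publicly known Mersenne primes, which is not secure and only serves to make the logic runnable with the standard library.</p>

```python
import hashlib

E = 65537
SIG_LEN = 141  # bytes needed for a signature under Alice's 1128-bit modulus

def make_key(a, b):
    """Constructed demo key from the Mersenne primes 2**a-1 and 2**b-1 (factors are public)."""
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(msg, key):
    return pow(digest(msg, key["n"]), key["d"], key["n"])

def verify(msg, sig, signer_n):
    return pow(sig, E, signer_n) == digest(msg, signer_n)

def encrypt(data, recipient_n):
    # Needs only the recipient's public modulus, so anybody can produce a ciphertext.
    return pow(int.from_bytes(data, "big"), E, recipient_n)

def decrypt(ct, key):
    m = pow(ct, key["d"], key["n"])
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def seal(msg, sender_key, recipient_n):
    """Sign the message, then encrypt message plus signature to the recipient."""
    sig = sign(msg, sender_key).to_bytes(SIG_LEN, "big")
    return encrypt(msg + sig, recipient_n)

def open_sealed(ct, recipient_key, expected_sender_n):
    """Decrypt, then verify against the sender key the recipient already holds."""
    data = decrypt(ct, recipient_key)
    msg, sig = data[:-SIG_LEN], int.from_bytes(data[-SIG_LEN:], "big")
    return msg, verify(msg, sig, expected_sender_n)

ALICE = make_key(521, 607)     # sender; Bob already holds her public modulus
BOB = make_key(1279, 2203)     # recipient; his public modulus is known to everybody
MALLORY = make_key(127, 521)   # MITM; has the public keys and her own key pair only

GENUINE = b"Reply encrypted to my public key. -- Alice"
FORGED = b"Reply encrypted to this other key. -- Alice"

if __name__ == "__main__":
    print("unsigned swap decrypts cleanly:", decrypt(encrypt(FORGED, BOB["n"]), BOB) == FORGED)
    print("genuine:", open_sealed(seal(GENUINE, ALICE, BOB["n"]), BOB, ALICE["n"]))
    print("swapped:", open_sealed(seal(FORGED, MALLORY, BOB["n"]), BOB, ALICE["n"]))
```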