[messaging] PKI is dead

Tony Arcieri bascule at gmail.com
Fri Jan 23 18:27:24 PST 2015

On Fri, Jan 23, 2015 at 6:00 PM, U.Mutlu <for-gmane at mutluit.com> wrote:

> They are MITM safe. Basically one needs just DH + Key Authentication,
> for example H(DHkey,H(p)), whereby on the server only H(p) is known and stored.
> This authenticates not only the client to the server, but implicitly
> also the server to the client, under the condition that the userDB
> on the server is secured against theft. And in my draft solution this
> is assured. Then we can forget about PKI wholly.

You're vaguely describing what Trevor calls Short Authentication Strings,
but it would require a human on the server-side to verify them, which is
ludicrously impractical for the open Internet.

That said, Trevor has said this discussion is OT for this list. Perhaps
consider reposting this to cryptography at metzdowd.com instead.

Tony Arcieri
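The exchange the quoted post sketches, written out as an added example; it is not part of the original thread and is not either author's code. It assumes SHA-256 for H, HMAC-SHA256 as the realisation of H(DHkey, H(p)), and the 1024-bit MODP group 2 from RFC 2409 for the Diffie-Hellman step; all three are choices made here, not stated in the post. The two attacker runs exercise the post's own claim and its stated condition: a man in the middle who does not hold H(p) is rejected at the server, and one who has stolen the user database is not.

```python
import hashlib
import hmac
import secrets

# Assumed DH parameters: 1024-bit MODP group 2 (RFC 2409, section 6.2), generator 2.
# Chosen here only so the exchange runs with real arithmetic; the demonstration does
# not depend on which group is used.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF",
    16,
)
G = 2
KEY_LEN = (P.bit_length() + 7) // 8


def dh_keypair():
    """Fresh ephemeral DH key pair (private exponent in [1, P-2], public value)."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def dh_shared(priv, peer_pub):
    """DHkey = peer_pub^priv mod P, fixed-length big-endian bytes."""
    return pow(peer_pub, priv, P).to_bytes(KEY_LEN, "big")


def hp(password: bytes) -> bytes:
    """H(p): the only per-user value the server stores (assumed: SHA-256)."""
    return hashlib.sha256(password).digest()


def auth_tag(dh_key: bytes, h_p: bytes) -> bytes:
    """H(DHkey, H(p)), realised here as HMAC-SHA256 keyed by H(p) over DHkey."""
    return hmac.new(h_p, dh_key, hashlib.sha256).digest()


def client_tag(password: bytes, client_priv, peer_pub) -> bytes:
    """Client side: derive DHkey from whatever public value it received, then tag it."""
    return auth_tag(dh_shared(client_priv, peer_pub), hp(password))


def server_accepts(stored_hp: bytes, server_priv, peer_pub, tag: bytes) -> bool:
    """Server side: recompute the tag from its own DHkey and the stored H(p)."""
    expected = auth_tag(dh_shared(server_priv, peer_pub), stored_hp)
    return hmac.compare_digest(expected, tag)


def honest_exchange(stored_hp: bytes, client_password: bytes) -> bool:
    """Client and server talk directly; both derive the same DHkey."""
    c_priv, c_pub = dh_keypair()
    s_priv, s_pub = dh_keypair()
    tag = client_tag(client_password, c_priv, s_pub)
    return server_accepts(stored_hp, s_priv, c_pub, tag)


def mitm_exchange(stored_hp: bytes, client_password: bytes, attacker_hp=None) -> bool:
    """Attacker substitutes its own DH public value towards both parties.

    Without H(p) it can only forward the client's tag, which was computed over the
    client<->attacker DHkey, so the server's recomputation over the
    attacker<->server DHkey fails.  With a stolen H(p) (attacker_hp) it can
    recompute a valid tag, which is exactly the condition the post attaches.
    """
    c_priv, c_pub = dh_keypair()
    s_priv, s_pub = dh_keypair()
    m_priv, m_pub = dh_keypair()
    tag_from_client = client_tag(client_password, c_priv, m_pub)   # client saw m_pub
    if attacker_hp is None:
        forwarded = tag_from_client
    else:
        forwarded = auth_tag(dh_shared(m_priv, s_pub), attacker_hp)  # re-tag for server
    return server_accepts(stored_hp, s_priv, m_pub, forwarded)       # server saw m_pub


if __name__ == "__main__":
    db = hp(b"correct horse")  # constructed sample user record
    print("honest:", honest_exchange(db, b"correct horse"))
    print("wrong password:", honest_exchange(db, b"battery staple"))
    print("MITM, no H(p):", mitm_exchange(db, b"correct horse"))
    print("MITM, stolen H(p):", mitm_exchange(db, b"correct horse", attacker_hp=db))
```

Nothing in the tag other than H(p) is secret from an observer who also sees the DH values, so the check is only as strong as the password behind H(p); and, as the post itself says, the server side of the mutual authentication rests entirely on H(p) never leaving the server.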