[messaging] PKI is dead

U.Mutlu for-gmane at mutluit.com
Fri Jan 23 18:55:29 PST 2015

Tony Arcieri wrote, On 01/24/2015 03:27 AM:
> On Fri, Jan 23, 2015 at 6:00 PM, U.Mutlu <for-gmane at mutluit.com> wrote:
>> They are MITM safe. Basically one needs just DH + Key Authentication,
>> for example H(DHkey,H(p)), whereby on server only H(p) is known and stored.
>> This authenticates not only the client to the server, but implicitly
>> also the server to the client, under the condition that the userDB
>> on the server is secured against theft. And in my draft solution this
>> is assured. Then we can forget about PKI wholly.
> You're vaguely describing what Trevor calls Short Authentication Strings,

I mean simple password authentication whereby the password is neither
transmitted nor stored in the userDB on the server or the client. Instead
H(p) is transmitted and stored, plus a salt.

> but it would require a human on the server-side to verify them, which is
> ludicrously impractical for the open Internet.

No, that's not the case. It is for the same infrastructure as today.
Everything can be made to run automatically, both with online
user registration and with authentication.
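The scheme sketched in the quoted text (DH, then a confirmation value H(DHkey, H(p)) checked against a stored salted H(p)), as an added Python sketch that is not from the post or its author. The toy group size, the HMAC construction, the salt and the client/server role labels are my assumptions.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, constructed for illustration only: far too small
# to be secure. A deployment would use a standard well-known group instead.
P = 2**127 - 1          # a Mersenne prime used as the toy modulus
G = 3
KEY_LEN = 16            # values mod P fit in 16 bytes

def h(*parts: bytes) -> bytes:
    """Length-prefixed SHA-256, so H(a, b) cannot collide with a re-split H(a', b')."""
    m = hashlib.sha256()
    for part in parts:
        m.update(len(part).to_bytes(4, "big") + part)
    return m.digest()

def register(password: str, salt: bytes = b"") -> tuple:
    """Enrolment: the server keeps (salt, H(salt, p)) and never the password p.
    Note that H(salt, p) is password-equivalent here, which is why the post
    requires the userDB to be protected against theft."""
    salt = salt or secrets.token_bytes(16)
    return salt, h(salt, password.encode())

def dh_keypair() -> tuple:
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def dh_shared(priv: int, peer_pub: int) -> bytes:
    return pow(peer_pub, priv, P).to_bytes(KEY_LEN, "big")

def confirm_tag(dh_key: bytes, hp: bytes, role: bytes) -> bytes:
    """H(DHkey, H(p)) from the post, keyed as an HMAC; the role label prevents
    the server's tag from being reflected back as a client tag."""
    return hmac.new(dh_key, role + hp, hashlib.sha256).digest()

def exchange(k_client: bytes, k_server: bytes, client_password: str,
             salt: bytes, stored_hp: bytes) -> tuple:
    """Run the confirmation step on already-derived keys. Returns
    (server accepts client, client accepts server)."""
    client_hp = h(salt, client_password.encode())
    tag_c = confirm_tag(k_client, client_hp, b"client")          # client -> server
    server_ok = hmac.compare_digest(confirm_tag(k_server, stored_hp, b"client"), tag_c)
    if not server_ok:
        return False, False
    tag_s = confirm_tag(k_server, stored_hp, b"server")          # server -> client
    client_ok = hmac.compare_digest(confirm_tag(k_client, client_hp, b"server"), tag_s)
    return server_ok, client_ok

def run_session(client_password: str, salt: bytes, stored_hp: bytes) -> tuple:
    """Full run: unauthenticated DH, then mutual confirmation bound to H(p)."""
    a, pub_a = dh_keypair()
    b, pub_b = dh_keypair()
    return exchange(dh_shared(a, pub_b), dh_shared(b, pub_a), client_password, salt, stored_hp)
```

Calling `exchange` with two different keys models an interposed party who ran separate DH exchanges with each side: without H(p) it cannot produce a tag the server accepts, so both directions fail.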
