[messaging] MITM-safe communication w/o authentication possible?

U.Mutlu for-gmane at mutluit.com
Sun Nov 29 12:32:23 PST 2015

Hi all,

SRP and OTR+SMP are IMO good examples for MITM-safe online protocols.
But they require prior key exchange (ie. a persistent password or PKI 

I wonder if it can be possible, at least theoretically, to have a
MITM-secure internet channel without the use of PKI and/or
persistent password (ie. w/o authentication, like in the telephone network)?
Of course the communication must be encrypted against passive MITM,
and must also detect active MITM.
Does anybody know of such a protocol, info, papers etc.?


More information about the Messaging mailing list