[messaging] MITM-safe communication w/o authentication possible?

U.Mutlu for-gmane at mutluit.com
Sun Nov 29 14:11:40 PST 2015


So, in summarizing the replies so far: it is not possible
without a central authority, or an a priori shared secret,
or PKI certificates.

Ok, let's say the only missing link here is just a missing shared secret,
ie. a password. If that were given then it will function.

Now, going a step further: is it not possible to exchange
a temporary password (OTP) on-the-fly during the protocol
in a secure way with the other party?
That is, one would need to embed such an algorithm into the protocol.

Could for example the Interlock Protocol not be used for this?
Or maybe in a combination with SMP? As said, the task is "just"
to create and exchange on-the-fly an ephemeral secret between the parties.

-- 
U.Mutlu




More information about the Messaging mailing list