17 Dec 2003, 11:17 p.m.
From: Matt Blaze <mab@research.att.com>

   [this = storing secrets]
   At the extreme, fixing this is a Hard Problem. In practice for establishing a reasonably secure session, it all depends on how much you worry about a full-blown (two way) spoofing attack against IP.

I know Matt realizes, but let me repeat for the rest of the list.

Just because plain old Diffie Hellman is subject to active attack doesn't mean it's useless. Some protection is better than no protection at all. It's still worthwhile implementing some security to make an opponent's task harder than to implement no security. And just because some people find this level of security inadequate does not mean that everyone else does.

Eric