14 Jul 1993, 4:01 p.m.
jpp@markv.com says:
The bootstrap problem (how you get the public key to the machine with only unsecure channels at your disposal) is interesting though. I wonder if it can be solved without DH key exchange?
You can't even solve the problem with DH key exchange -- you are subject to "man in the middle" attacks. You must share SOME information via a secure channel in order to have both authentication and privacy on a channel. However, the information exchanged could be small and fairly one-time -- like the public key of a trusted entity that signs other public keys.

Perry
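The point made in the reply above, as an added example that is not part of the original thread: with plain DH the receiver derives a key from whatever value arrives, while a value signed by a trusted entity is rejected when it has been substituted. The parameters, the textbook RSA signature and all names here are constructed toy assumptions, far too small for real use.

```python
import hashlib
import secrets

# Toy parameters, constructed for illustration only.
P, G = 2**127 - 1, 3                               # DH modulus (Mersenne prime), base
CA_N = (2**127 - 1) * (2**89 - 1)                  # trusted signer's RSA modulus
CA_E = 65537                                       # signer's public exponent
CA_D = pow(CA_E, -1, (2**127 - 2) * (2**89 - 2))   # signer's private exponent

def dh_keypair():
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def digest(name, pub):
    h = hashlib.sha256(f"{name}:{pub}".encode()).digest()
    return int.from_bytes(h, "big") % CA_N

def ca_sign(name, pub):
    """Done by the trusted entity; only its public key must be shared securely."""
    return pow(digest(name, pub), CA_D, CA_N)

def ca_verify(name, pub, sig):
    """Needs only the signer's public key (CA_N, CA_E)."""
    return pow(sig, CA_E, CA_N) == digest(name, pub)

def run_exchange(tampered):
    a_priv, a_pub = dh_keypair()                   # Alice
    b_priv, b_pub = dh_keypair()                   # Bob
    b_sig = ca_sign("bob", b_pub)                  # Bob's value, signed in advance
    m_priv, m_pub = dh_keypair()                   # value substituted in transit
    received = m_pub if tampered else b_pub

    # Unauthenticated DH: Alice computes a key from whatever arrived.
    alice_key = pow(received, a_priv, P)
    bob_key = pow(a_pub, b_priv, P)
    holder = "bob" if alice_key == bob_key else "interceptor"

    # Authenticated DH: Alice checks the signature before using the value.
    accepted = ca_verify("bob", received, b_sig)
    return holder, accepted

if __name__ == "__main__":
    print("clean channel:   ", run_exchange(tampered=False))
    print("tampered channel:", run_exchange(tampered=True))
```
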