17 Dec
2003
11:17 p.m.
On Mon, 30 Jan 1995, Matt Blaze wrote:
And if you had a trusted secure key store on the remote host, you wouldn't really need to use Diffie-Hellman to establish the session key in the first place, since you could just store each user's pre-established session key in advance.
Right - using DH exchange is probably appropriate in situations where there are no pre-established credentials for the party on the other machine. Inter-domain authentication, while possible in theory, is not often carried out to any great extent in reality. Companies don't trust each other, or at least are not concerned by this lack of security for inter-domain communications.

-Thomas