also sprach Eugen Leitl <eugen@leitl.org> [2003.10.09.1931 +0200]:
What is wrong with just exchanging the keys for ad hoc mode? You could cache them and log whenever a key has changed (at least allowing to detect a MITM post facto).
... like SSH, huh?
We're really looking for blanket rollout of a low-security service which wouldn't stand a dedicated attacker yet would effectively prevent large-scale screening of cleartext traffic as currently practised by diverse TLAs.
I am all for it. This should be implementable in a cousin of isakmpd, no?

PS: please don't CC me on mailing lists...

--
martin; (greetings from the heart of the sun.)
\____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck

invalid/expired pgp subkeys? use subkeys.pgp.net as keyserver!

microsoft windoze - the best solitaire game you can buy.
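The key caching and change logging suggested in this thread, as an added example that is not part of the original messages. Identifying peers by IP address and treating keys as opaque byte strings are assumptions, and the check for a key that reverts to an earlier value goes beyond what the thread describes.

```python
import hashlib
import time

def fingerprint(public_key: bytes) -> str:
    """SHA-256 fingerprint of the raw public key bytes."""
    return hashlib.sha256(public_key).hexdigest()

class KeyCache:
    """Cache each peer's key on first contact and record every later change."""
    def __init__(self):
        self.pinned = {}    # peer -> fingerprint last seen
        self.history = {}   # peer -> each distinct fingerprint, in order seen
        self.changes = []   # audit log: (timestamp, peer, old_fp, new_fp)

    def observe(self, peer: str, public_key: bytes, now=None) -> str:
        """Record the key a peer presented; return 'new', 'match' or 'changed'."""
        fp = fingerprint(public_key)
        old = self.pinned.get(peer)
        if old == fp:
            return "match"
        self.pinned[peer] = fp
        self.history.setdefault(peer, []).append(fp)
        if old is None:
            return "new"
        # Opportunistic mode: the session still proceeds, but the change is logged.
        self.changes.append((now if now is not None else time.time(), peer, old, fp))
        return "changed"

    def reverted(self):
        """Peers whose key changed and later went back to an earlier value (A -> B -> A)."""
        return sorted(p for p, fps in self.history.items() if len(set(fps)) < len(fps))

# Constructed sample: peer addresses and key bytes are made up for the demonstration.
def demo():
    cache = KeyCache()
    events = [
        ("192.0.2.10", b"key-A", 1), ("192.0.2.20", b"key-X", 2),
        ("192.0.2.10", b"key-A", 3), ("192.0.2.10", b"key-B", 4),
        ("192.0.2.20", b"key-Y", 5), ("192.0.2.10", b"key-A", 6),
    ]
    results = [cache.observe(p, k, now=t) for p, k, t in events]
    return cache, results

if __name__ == "__main__":
    cache, results = demo()
    print(results)
    for ts, peer, old, new in cache.changes:
        print(ts, peer, old[:16], "->", new[:16])
    print("reverted:", cache.reverted())
```

A key that changes once is consistent with an ordinary re-key; one that changes and then returns to its earlier value is the entry in the log most worth a second look.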