ESP Unix encrypted session protocol software
Alan Barrett
barrett at daisy.ee.und.ac.za
Mon Jan 30 23:56:13 PST 1995
> > Right - using DH exchange is probably appropriate in situations where
> > there is no pre-established credentials for the party on the other
> > machine.
>
> D-H also provides perfect forward secrecy, which is a reason to use it
> even if there is already an established set of credentials.
How about public-key signing the D-H exchange? Public key to eliminate[*]
the man-in-the-middle attack, and D-H for forward secrecy.
* Almost eliminate. A sufficiently powerful man in the middle could
conceivably subvert the public keys.
--apb (Alan Barrett)
More information about the cypherpunks-legacy
mailing list