From: "Mike Rosing" <[EMAIL PROTECTED]>

> > Is there a defense against MITM for Diffie-Hellman? Is there another
> > protocol with equivalent properties, with such a defense? (Secure
> > communications between two parties, with no shared secret and no out-of-band
> > abilities, on an insecure network.)
>
> What do you mean by no shared secret? The point of DH is that you
> get a shared secret.

I guess I should have said "no *previously* shared secret".

> Check out MQV protocol for MITM defense and forward secrecy. It
> uses permanent public keys and ephemeral public keys for each
> session. In any protocol, the out-of-band check of the public
> keys is still a "good thing".

Well... I assume an active MITM (like my ISP). He's able to intercept my public key request and change it. Plus, I now realize I should have put an even harder condition - no previously shared *information*, even if it's public. I need to know if two complete strangers can communicate securely over an insecure network, even if they communicate through an untrusted party.

Wasn't there a protocol for two prisoners communicating through an untrusted guard?

Thanks,
Mark
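
Added example, not part of the original message: a toy Python model of the exchange discussed above. It shows that when a relay substitutes its own Diffie-Hellman public value, the two parties derive different keys, and that comparing what each side saw exposes the substitution only if the comparison travels over a path the relay cannot alter. The group parameters, function names and fingerprint format are assumptions chosen for illustration.

```python
import hashlib
import secrets

# Assumed toy parameters: 2**127 - 1 is a Mersenne prime. Far too small for
# real use; chosen only so the example runs instantly.
P = 2**127 - 1
G = 3

def keypair():
    """Return (private exponent, public value) for one party."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def shared(priv, peer_pub):
    """Key derived from our private exponent and the public value we received."""
    return pow(peer_pub, priv, P)

def fingerprint(own_pub, seen_pub):
    """Order-independent digest of the two public values one endpoint observed."""
    lo, hi = sorted((own_pub, seen_pub))
    return hashlib.sha256(f"{lo}:{hi}".encode()).hexdigest()[:16]

def run_exchange(relay_substitutes):
    """Model one exchange through a relay that is either honest or substituting."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    if relay_substitutes:
        # The relay replaces each public value in transit with its own.
        _, m_pub = keypair()
        seen_by_a, seen_by_b = m_pub, m_pub
    else:
        seen_by_a, seen_by_b = b_pub, a_pub
    return {
        # Do both endpoints end up holding the same key?
        "keys_match": shared(a_priv, seen_by_a) == shared(b_priv, seen_by_b),
        # Would a comparison of fingerprints agree, if it could be carried
        # over a channel the relay cannot modify?
        "fingerprints_match":
            fingerprint(a_pub, seen_by_a) == fingerprint(b_pub, seen_by_b),
    }

if __name__ == "__main__":
    print("honest relay:      ", run_exchange(False))
    print("substituting relay:", run_exchange(True))
```

Neither endpoint can evaluate `fingerprints_match` on its own: each sees only its own fingerprint, so the check has value only when the two fingerprints are compared over some path the relay does not control.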