[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: comments on draft 03 of SKIP
Chris Liljenstolpe wrote:
> >> > Since there is nothing secret about DH public values, one natural way
> >> > to discover the relevant authenticated _public value_ is to distribute
> >> > these using a directory service.
> >> authenticated directory service ?
> >no authenticated _directory service_ is needed here.
> I disagree with this. If I am receiving public keys from some directory
> service that I have decided to trust (I think that they take proper
> authentication actions, etc), I want to know that I am really talking to
> that directory service and not some mitm or imposter.
Hi Chris,
I thought we were talking about authenticated public values. I do not mind
who sends me the values, as long as I can trust one of the parties that
authenticated them, and I securely get the public key of such a party.
Did I oversee something?
Germano
References: