[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SOI: identity protection and DOS
In message <OE20dgLXZ3lV3Rr4Ygc00005184@hotmail.com>, "david chen" writes:
>The very reason to certify a public key is that
> if the key is not 'public' enough than it is subject to MIM attack.
>
>Self-signed cert is subject to MIM attack unless...
>then why we need public/private key.
You misunderstand. I'm suggesting that whatever secure channel could
be used to share a symmetric key could be used to share a public key.
If you can't trust that channel, you can't use pre-shared secrets,
either.
--Steve Bellovin, http://www.research.att.com/~smb
Full text of "Firewalls" book now at http://www.wilyhacker.com
Follow-Ups: