how to defeat MITM using plain DH, Re: anonymous DH & MITM
Zooko O'Whielacronx
zooko at zooko.com
Sat Oct 4 07:53:32 EDT 2003
Ed Gerck wrote:
>
> It's possible to have at least one open and anonymous protocol
> immune to MITM -- which I called multi-channel DH.
This is a good idea!
I used to advocate it on the cypherpunks list (e.g. [1]).
Later I learned that it is called a "Merkle Channel". From _MOV_ [2], page 48:
"""
One approach to distributing public keys is the so-called Merkle Channel
(see Simmons, p.387). Merkle proposed that public keys be distributed over
so many independent public channels (newspaper, radio, television, etc.)
that it would be improbably for an adversary to compromise all of them.
"""
Regards,
Zooko
[1] http://cypherpunks.venona.com/date/1995/10/msg00668.html
[2] http://www.cacr.math.uwaterloo.ca/hac/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list