[Cryptography] Client certificates as a defense against MITM attacks

Viktor Dukhovni cryptography at dukhovni.org
Sun Mar 16 18:49:24 EDT 2014

On Sun, Mar 16, 2014 at 08:56:05PM +0100, Guido Witmond wrote:

> > This doesn't solve the "first connection between a pair of parties
> > neither of whom has any way of identifying the other".  
> Again, DNSSEC and DANE do identify the server.

We might recognize the fact that introduction and key continuity
are potentially separate problems.  After DNSSEC + DANE act as an
introducer of strangers, where a TTP is largely unavoidable, we
might from that point on use ideas along the lines of:


to make network MITM considerably more difficult.  The main difficulty
is that with domains key continuity cannot be assured.  Domains
are sometimes transferred to new owners, and in those cases it is
not clear whether the new owner's keys will be signed by the previous

This means that automated lights-out applications (say MTA to MTA
email) can't rely on Tack working indefinitely for all domains, and
some process for handing re-keying on domain transfer needs to be
designed that does not immediate bring back the MITM risks that
Tack is designed to avoid.


More information about the cryptography mailing list