CryptKit 0.9: cryptsock
Paul Rubin
phr-n2001d at nightsong.com
Fri Nov 30 23:41:34 EST 2001
Bryan <bryan at eevolved.com> writes:
> > Stupid newbie question: How does cryptsock guard against a
> > man-in-the-middle attack?
>
> Good question. This version doesn't. The next version will implement
> ECPAK. I am trying to stay away from CA's for now. Any suggestions?
CA's are for when you're trying to talk to complete strangers. If
you're trying to talk to someone you already "know", the obvious
non-CA authentication strategy is use a shared secret key. You still
want to want DH-like key agreement for the channel encryption, because
of the forward secrecy.
More information about the Python-list
mailing list