[14499] in cryptography@c2.net mail archive
Re: how to defeat MITM using plain DH, Re: anonymous DH & MITM
daemon@ATHENA.MIT.EDU (Zooko O'Whielacronx)
Sat Oct 4 14:55:11 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: 4 Oct 2003 07:53:32 -0400
From: "Zooko O'Whielacronx" <zooko@zooko.com>
To: "Ed Gerck" <egerck@nma.com>
Cc: "Anton Stiglic" <astiglic@okiok.com>,
"Jerrold Leichter" <jerrold.leichter@smarts.com>,
"Cryptography list" <cryptography@metzdowd.com>,
"Tim Dierks" <tim@dierks.org>
In-Reply-To: Message from Ed Gerck <egerck@nma.com>
of "Fri, 03 Oct 2003 15:44:01 PDT." <3F7DFBB1.555FDA10@nma.com>
Ed Gerck wrote:
>
> It's possible to have at least one open and anonymous protocol
> immune to MITM -- which I called multi-channel DH.
This is a good idea!
I used to advocate it on the cypherpunks list (e.g. [1]).
Later I learned that it is called a "Merkle Channel". From _MOV_ [2], page 48:
"""
One approach to distributing public keys is the so-called Merkle Channel
(see Simmons, p.387). Merkle proposed that public keys be distributed over
so many independent public channels (newspaper, radio, television, etc.)
that it would be improbably for an adversary to compromise all of them.
"""
Regards,
Zooko
[1] http://cypherpunks.venona.com/date/1995/10/msg00668.html
[2] http://www.cacr.math.uwaterloo.ca/hac/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
