Stephen Kent wrote:
It's very difficult to write text that accurately conveys the intent,
and yet is technically precise.
Full ACK. :-)
For example, you wrote:
"Without key management at an Internet scale, authentication is often
not possible."
*ephemeral DH exchange is a type of key management, and it works at
Internet scale.**So, what I think you meant to say, when paraphrasing
Viktor (who made the same mistake in the I-D) **
**is something like*
"Authenticated key management at an Internet scale has yet to be achieved."
I think it is in general a _bad_ idea to describe an ephemeral DH exchange
as some form of key management -- because it is *NOT* key management.
To me, the use of the word "management" implies _control_ over keys.
An _unauthenticated_ DH key exchange protocol is where both peers
give a f*** about control of keys, is a mathematical scheme where
both peers end up computing the same key. But due to the _lack_ of
control (aka lack of management), neither party knows which other
party has that same DH key, whether it is the peer they believe to
be talking to, or whether it is a man-in-the-middle who makes them
believe that they talking to each other directly.
If the DH exchange is _authenticated_, then this is where "control"
comes into play, aka "management" of who is party to the keys and
party to the communication.
-Martin