Re: [IAB] Mandatory encryption as part of HTTP2

Theodore Ts'o wrote:

For example, using D-H with no attempt to authenticate the endpoints
means does not protect you against an active attacker who is carrying
out a MITM attack.


That being said, the problem for PKI is that, assuming active
MITM attacks both on ISP chains and CA chains, it offer no
better security than DH,

As DH involves end systems only, there is no point of deploying
PKI with no additional benefits.

                                                Masataka Ohta

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Number of CAs, (continued) Re: Number of CAs, Masataka Ohta Re: Number of CAs, Yoav Nir Re: Number of CAs (was: Mandatory encryption as part of HTTP2), SM Re: Number of CAs (was: Mandatory encryption as part of HTTP2), Yoav Nir Re: Number of CAs (was: Mandatory encryption as part of HTTP2), Phillip Hallam-Baker Re: Number of CAs (was: Mandatory encryption as part of HTTP2), Paul Hoffman Re: Number of CAs, Masataka Ohta Re: Number of CAs, Phillip Hallam-Baker Re: Number of CAs (was: Mandatory encryption as part of HTTP2), mutek Re: Number of CAs (was: Mandatory encryption as part of HTTP2), Phillip Hallam-Baker Re: [IAB] Mandatory encryption as part of HTTP2, Masataka Ohta <= Re: [IAB] Mandatory encryption as part of HTTP2, Hannes Tschofenig Re: [IAB] Mandatory encryption as part of HTTP2, Masataka Ohta Re: [IAB] Mandatory encryption as part of HTTP2, Hannes Tschofenig Re: [IAB] Mandatory encryption as part of HTTP2, Masataka Ohta Re: [IAB] Mandatory encryption as part of HTTP2, Phillip Hallam-Baker Re: [IAB] Mandatory encryption as part of HTTP2, Theodore Ts'o Re: [IAB] Mandatory encryption as part of HTTP2, Phillip Hallam-Baker Re: [IAB] Mandatory encryption as part of HTTP2, Yoav Nir Re: [IAB] Mandatory encryption as part of HTTP2, Masataka Ohta Re: [IAB] Mandatory encryption as part of HTTP2, Masataka Ohta