
Re: [IAB] Mandatory encryption as part of HTTP2

2013-11-17 16:23:40
I know that it is very popular to bash the PKI system but there are
security differences between an anonymous DH and PKI deployment that
provides server-side authentication.

And: Keep in mind that we have various activities in the IETF ongoing
that help to improve the security of the PKI.

On 17.11.13 23:12, Masataka Ohta wrote:
Theodore Ts'o wrote:

For example, using D-H with no attempt to authenticate the endpoints
does not protect you against an active attacker who is carrying
out a MITM attack.

That being said, the problem for PKI is that, assuming active
MITM attacks both on ISP chains and CA chains, it offers no
better security than DH.

As DH involves end systems only, there is no point in deploying
PKI with no additional benefits.

                                              Masataka Ohta