- From: Mitch Zollinger <mzollinger@netflix.com>
- Date: Mon, 14 May 2012 12:28:14 -0700
- To: Eric Rescorla <ekr@rtfm.com>
- CC: <public-webcrypto@w3.org>
On 5/14/12 12:11 PM, Eric Rescorla wrote:
> On Mon, May 14, 2012 at 12:08 PM, Mitch Zollinger
> <mzollinger@netflix.com> wrote:
>> The MiM attack is prevented by device authentication that is done using some
>> other means. I did not include an authenticated DH exchange (or key
>> unwrapping exchange for that matter) for the sake of simplicity. If the doc
>> needs clarity on this point, I'm happy to add the caveat that authentication
>> is expected.
> Then I really don't understand the point of this exchange at all, since if
> you already have keying material for the device you can just use that
> directly to arrange to have a shared secret.

If I have pre-shared keys (or X509 certs + keys) on these devices, I can use
those for device authentication, then perform a DH exchange to create a
session / session key with PFS, for example.

Mitch

>
> -Ekr
>
Received on Monday, 14 May 2012 19:28:45 UTC
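The exchange Mitch describes above (a pre-shared device key used only for authentication, an ephemeral Diffie-Hellman exchange for the session key), as an added example that is not part of the original thread and not Netflix's or the WebCrypto draft's code. It assumes a symmetric pre-shared key already provisioned on both sides, the 2048-bit MODP group of RFC 3526 (group 14) for the DH exchange, and HMAC-SHA256 over the handshake transcript as the authentication step; the party identifiers, the `mitm` switch and the helper names are constructed for illustration. The `mitm` path shows the attack the thread is about: an attacker who swaps in its own ephemeral value without knowing the pre-shared key cannot produce a MAC over the transcript the honest peer actually saw, so the handshake is rejected before any session key is used.

```python
import hashlib
import hmac
import secrets

# 2048-bit MODP group from RFC 3526 (group 14), generator 2.
P_HEX = """
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
"""
P = int("".join(P_HEX.split()), 16)
G = 2


def hkdf_sha256(ikm: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) extract-then-expand with an all-zero salt."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def i2b(x: int) -> bytes:
    return x.to_bytes(256, "big")  # fixed width so transcripts are unambiguous


def ephemeral() -> tuple[int, int]:
    x = secrets.randbits(320)  # >256 bits of entropy is plenty for this group
    return x, pow(G, x, P)


def check_pub(y: int) -> None:
    # Reject 0, 1 and p-1, which would force a trivial shared secret.
    if not 2 <= y <= P - 2:
        raise ValueError("bad DH public value")


def mac(psk: bytes, label: bytes, transcript: bytes) -> bytes:
    return hmac.new(psk, label + transcript, hashlib.sha256).digest()


def run_handshake(psk_a: bytes, psk_b: bytes, mitm: bool = False):
    """Three-message PSK-authenticated DH. Returns (a_accepts, b_accepts, key_a, key_b).

    psk_a / psk_b are the keys each side *believes* it shares with the other;
    mitm=True models an attacker replacing A's ephemeral value on the wire.
    """
    xa, ya = ephemeral()
    xb, yb = ephemeral()

    # Message 1, A -> B: id_A, Y_A.  An active attacker may substitute Y_M.
    ya_seen_by_b = ephemeral()[1] if mitm else ya
    check_pub(ya_seen_by_b)
    transcript_b = b"deviceA" + i2b(ya_seen_by_b) + b"serverB" + i2b(yb)

    # Message 2, B -> A: id_B, Y_B, MAC_B over B's view of the transcript.
    mac_b = mac(psk_b, b"responder", transcript_b)
    check_pub(yb)
    transcript_a = b"deviceA" + i2b(ya) + b"serverB" + i2b(yb)
    a_accepts = hmac.compare_digest(mac_b, mac(psk_a, b"responder", transcript_a))

    b_accepts, key_a, key_b = False, None, None
    if a_accepts:
        # Message 3, A -> B: MAC_A, confirming A saw the same transcript.
        mac_a = mac(psk_a, b"initiator", transcript_a)
        b_accepts = hmac.compare_digest(mac_a, mac(psk_b, b"initiator", transcript_b))
        # The session key depends only on the ephemeral DH secret and the
        # transcript, never on the PSK itself: a later PSK compromise lets an
        # attacker impersonate a device, but not recover past session keys.
        key_a = hkdf_sha256(i2b(pow(yb, xa, P)), transcript_a)
        if b_accepts:
            key_b = hkdf_sha256(i2b(pow(ya_seen_by_b, xb, P)), transcript_b)
    return a_accepts, b_accepts, key_a, key_b


if __name__ == "__main__":
    psk = secrets.token_bytes(32)  # constructed: provisioned out of band in practice
    print("honest run (A accepts, B accepts):", run_handshake(psk, psk)[:2])
    print("attacker swaps Y_A:", run_handshake(psk, psk, mitm=True)[:2])
    print("device with wrong PSK:", run_handshake(secrets.token_bytes(32), psk)[:2])
```

The same structure works with an X.509 key pair in place of the PSK: replace the HMAC over the transcript with a signature from the device's long-term key and verify it against the provisioned certificate. In either case the long-term credential only authenticates the ephemeral values; it is the ephemeral exponents, discarded after the handshake, that give the session key its forward secrecy.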