Nikos Mavrogiannopoulos wrote:

> Not really. I don't know what you mean by simple nonce, but as I
> understand dnscurve if implemented properly would have ssh-style
> authentication.

Ssh without a secure public key distribution mechanism is not
really secure cryptographically.

In general, public key cryptography is secure only if public key
distribution is secure. For example, DNSSEC is not really secure
because key distribution through trusted third parties is not
really trustable.

> Only the first request of the server key is vulnerable
> with mitm.

So, we agree that DNSCurve is vulnerable to MitM attacks.

> Then it should be cached.

As it is cached, a successful attack on the first request, which
is easy if you can snoop packets, is more than enough. It
invalidates all the legitimate replies and validates all the
forged replies.

If you can't snoop packets, long message ID is just secure.

Masataka Ohta
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf