Theodore Ts'o wrote:

> For example, using D-H with no attempt to authenticate the endpoints
> means does not protect you against an active attacker who is carrying
> out a MITM attack.

That being said, the problem for PKI is that, assuming active MITM attacks both on ISP chains and CA chains, it offers no better security than DH.

As DH involves end systems only, there is no point in deploying PKI with no additional benefits.

Masataka Ohta