I know that it is very popular to bash the PKI system but there are security differences between an anonymous DH and PKI deployment that provides server-side authentication. And: Keep in mind that we have various activities in the IETF ongoing that help to improve the security of the PKI. Am 17.11.13 23:12, schrieb Masataka Ohta: > Theodore Ts'o wrote: > >> For example, using D-H with no attempt to authenticate the endpoints >> means does not protect you against an active attacker who is carrying >> out a MITM attack. > > That being said, the problem for PKI is that, assuming active > MITM attacks both on ISP chains and CA chains, it offer no > better security than DH, > > As DH involves end systems only, there is no point of deploying > PKI with no additional benefits. > > Masataka Ohta >