Hannes Tschofenig wrote: > I know that it is very popular to bash the PKI system but there are > security differences between an anonymous DH and PKI deployment that > provides server-side authentication. Assuming active MITM attacks both on ISP chains and CA chains, what, do you think, are the differences? A concrete example is especially welcome. Note that we, none US citizens, must expect such attacks, because active MITM attacks of NSA on people without US citizenship are, under US legislation, even legal. > And: Keep in mind that we have various activities in the IETF ongoing > that help to improve the security of the PKI. As PKI is fundamentally insecure against active attacks, there is no point of improving it. I do realize stupidity level of IETF, especially on DNSSEC. Masataka Ohta