Hacker News
by Silhouette 2568 days ago
This is the real beauty of public key cryptography, you can negotiate a secure channel over an open channel.

You still need sufficient shared information as a starting point to authenticate the other party, so that doesn't really avoid the need for a secure side channel. In practice we often trust that the baseline of certificates that come with a new device or are built into a browser is sufficient for this purpose, but there is still an attack surface there and our existing CA infrastructure and processes are not perfect.
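The point made in the comment above, as an added example that is not part of the original post: an unauthenticated Diffie-Hellman exchange over an open channel completes without error even when the public values are swapped in transit, and only a fingerprint obtained beforehand (the "shared information as a starting point") lets the client notice. The group parameters, the names `connect`, `fingerprint` and `pinned_fp`, and the parties Alice, Bob and Mallory are assumptions made for this sketch; the 127-bit prime is a toy size.

```python
import hashlib
import secrets

# Toy group (assumption, illustration only): 2**127 - 1 is prime but far too
# small for real use. Real deployments use standardized groups or curves.
P = 2**127 - 1
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2          # private exponent in [2, P-2]
    return priv, pow(G, priv, P)

def shared_key(priv, peer_pub):
    secret = pow(peer_pub, priv, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).hexdigest()

def fingerprint(pub):
    # What Alice must already hold via a trusted path (a side channel, or a
    # certificate chain that ends in a preinstalled root).
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()

def connect(bob_priv, bob_pub, pinned_fp=None, mitm=False):
    """Alice connects to Bob, who has a long-term key pair.

    Returns (alice_key, bob_key, mallory_reads_alice).
    Raises ValueError when the key Alice receives fails her pin check.
    """
    a_priv, a_pub = keypair()
    seen_by_alice, seen_by_bob = bob_pub, a_pub
    m_priv = None
    if mitm:
        # Mallory sits on the open channel and replaces both public values.
        m_priv, m_pub = keypair()
        seen_by_alice = seen_by_bob = m_pub
    if pinned_fp is not None and fingerprint(seen_by_alice) != pinned_fp:
        raise ValueError("peer key does not match pinned fingerprint")
    alice_key = shared_key(a_priv, seen_by_alice)
    bob_key = shared_key(bob_priv, seen_by_bob)
    mallory_reads_alice = mitm and shared_key(m_priv, a_pub) == alice_key
    return alice_key, bob_key, mallory_reads_alice

if __name__ == "__main__":
    bob_priv, bob_pub = keypair()
    print("no pin, interception:", connect(bob_priv, bob_pub, mitm=True)[2])
    try:
        connect(bob_priv, bob_pub, pinned_fp=fingerprint(bob_pub), mitm=True)
    except ValueError as exc:
        print("pinned:", exc)
```

The pin only moves the problem: its integrity depends on how Alice obtained it, which is the attack surface the comment attributes to preinstalled CA certificates.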