>>>>> "Eliot" == Eliot Lear writes:
Eliot> Perhaps I'm not well enough versed to understand why this would
Eliot> case, unless the other end can prove itself in some meaningful
Eliot> the next phase that the user would actually understand. And
Eliot> I'm not sure that solves MITM.
It can be made to solve MITM.
My argument is that there are a number of cases where the other end can
prove its identity in a sufficiently meaningful way at a higher level.
If it knows the same secret as I do, then it's one of the people who
knows that secret. If only two people know the secret and I'm one of
them, well I probably know who it is. If the other end then tells me
the name of its cert, I check that name and confirm I trust the CA,
then I have met the requirements of 4.5.
>> I think it is quite possible to accomplish 4.5 in the case
>> where you have an existing relationship with a site based on
>> shared secrets.
Eliot> Section 4.6 assumes that there is a third party identity
Eliot> needn't be the case, but if it is, it is sufficient to have a
Eliot> nonce, and a public/private key pair, is it not?
All this is true.
I don't see how it has anything to do with 4.6.