<html>
<body>
<blockquote type=cite class=cite cite=""><font size=3>Browsers cannot do
asymmetric cryptography out of the context of the site you're visiting,
so I think "us doubters" might have a valid
point</blockquote><br>
Don't get me wrong, folks.<br><br>
This sentence:<br>
It may help those doubters if we now briefly
explain how EKE accomplishes a) and b).<br>
was not aimed at the doubters. <br><br>
In any case, there is nothing at all wrong with doubting; it helps and is
to be commended.<br><br>
All I meant was that it may help if we now briefly explain how EKE
accomplishes a) and b). Help me,* help the very valuable doubters,
and help anyone else interested.<br><br>
It turns out, of course, that some of us, myself included, missed the
point of the question.<br><br>
I look forward to a happy future when browser technology 1) stores public
key/URL pairs, as Firefox now stores user+password/URL pairs and 2)
either handles the authentication (while using SSL encryption) or handles
public key encryption, too, as Thunderbird now does. <br><br>
Cordially, Joaquin<br><br>
<br>
* I don't see how any negotiated authentication or negotiated encryption
key can help against the man in the middle, without some data being
passed in another channel (quite possibly in the clear).<br><br>
<br><br>
<br><br>
</font></body>
</html>