--On Saturday, October 03, 2009 12:19:51 AM -0700 Russ Allbery <rra@stanford.edu> wrote: > - <t>This attack can be ameliorated if the client is authenticated Properly, the attack is ameliorated if the _server_ is authenticated. Authentication schemes are possible which prove the client's identity but not the server's, and these would not protect against such an attack. -- Jeff