Initial exchanges of public keys are vulnerable to the man-in-the-middle attack. Describe as many defences against it as you can.

What will be an ideal response?

1. Use a private channel for the delivery of initial keys, such as a CD-ROM delivered by hand or by some other reliable method.

2. Include the Domain Name in the certificate and deal only with the correct corresponding IP address.

3. If certificates are delivered through the network, validate them with a ‘key fingerprint’ (a character string that is derived from the key with a standard one-way function) that was delivered by a separate channel (e.g. on a business card).

Computer Science & Information Technology
