

The real problem and real solution for HTTPS - peterwwillis
http://opensourceandhackystuff.blogspot.com/2011/03/real-problem-and-real-solution-for.html

======
nbpoole
What you're describing sounds like the way SSH works. Here's some discussion
about that (along with its downsides) from the other HTTPS post.

<http://news.ycombinator.com/item?id=2376619>

~~~
peterwwillis
Sort of. What I'm proposing is a combination of CHAP based on mutual secrets
and the host IP and key checks SSH does, and after that PKI. (Though SSH
doesn't record the IP address of the destination unless you explicitly use the
IP, so the DNS address can still be spoofed.)

