PAX Overview PAX-Auth: 1 RT HMAC-based client authentication Optional server-side certificate provides identity protection Secure under the Standard model PAX-Update: 2 RT mutually authenticated Diffie-Hellman protocol Only used when key update is required Optional server-side certificate provides identity protection and security against dictionary attacks Secure under the RO model and DDH problem |