architecture: Secure channel is different from authenticated
(This is obvious but when exploring P2P I lost sight of the authenticated half because I was too focused on the secure channel.)
In HTTPS, a Diffie-Hellman key exchange is used to create an encrypted channel over an unencrypted one. HTTPS then relies on PKI to verify the identity of the remote party.
Sharing a secret between two peers allows them to verify their identity to each other over a channel. This is independent of creating an encrypted channel.
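The shared-secret verification described above, as an added example that is not part of the original post: two peers prove knowledge of a pre-shared secret with an HMAC challenge-response sent entirely in the clear, so no encrypted channel is involved. The `Peer` class, the role labels and the message layout are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 32  # fixed length, so the concatenation below is unambiguous


def proof(psk: bytes, role: bytes, own_nonce: bytes, peer_nonce: bytes) -> bytes:
    """HMAC over the sender's role and both nonces, keyed with the shared secret."""
    return hmac.new(psk, role + b"|" + own_nonce + peer_nonce, hashlib.sha256).digest()


class Peer:
    """Hypothetical peer holding a pre-shared secret (illustration only)."""

    def __init__(self, psk: bytes, role: bytes):
        self.psk = psk
        self.role = role  # b"initiator" or b"responder"
        self.peer_role = b"responder" if role == b"initiator" else b"initiator"
        self.nonce = secrets.token_bytes(NONCE_LEN)  # fresh per session

    def prove(self, peer_nonce: bytes) -> bytes:
        return proof(self.psk, self.role, self.nonce, peer_nonce)

    def verify(self, peer_nonce: bytes, peer_proof: bytes) -> bool:
        # Recompute what the opposite role should have sent; compare in constant time.
        expected = proof(self.psk, self.peer_role, peer_nonce, self.nonce)
        return hmac.compare_digest(expected, peer_proof)


def mutual_auth(a: Peer, b: Peer) -> bool:
    """Every value passed here travels in the clear; the secret itself never does."""
    a_proof = a.prove(b.nonce)
    b_proof = b.prove(a.nonce)
    return b.verify(a.nonce, a_proof) and a.verify(b.nonce, b_proof)


def reflection_accepted(a: Peer) -> bool:
    """a's own proof echoed back to it; the role label makes verification fail."""
    return a.verify(a.nonce, a.prove(a.nonce))


if __name__ == "__main__":
    secret = secrets.token_bytes(32)  # constructed sample secret
    print(mutual_auth(Peer(secret, b"initiator"), Peer(secret, b"responder")))
    print(mutual_auth(Peer(secret, b"initiator"), Peer(b"wrong", b"responder")))
```

This authenticates the peers but gives no confidentiality; an encrypted channel would be set up separately, which is the independence the note points out.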
Published on: 30 Aug 2025