The first time that public keys are exchanged, authentication is recommended; this is done via telephone with the administrator of the remote site to eliminate the possibility of a man-in-the-middle attack.

With this attack, someone between the two systems interrupts the transmission, steals the public keys, and substitutes their own, thus allowing the compromised transmission to continue.