This week in class we were taught about authentication and key exchange protocols.
From what I understood, I could broadly classify them into two different types:
1. Using trusted third party: Where the two parties depend on another third party to authenticate them (e.g. Needham Schroeder protocol, Kerberos etc)
2. Using shared/established keys to encrypt messages and then authenticate: This kind of protocols communicate via an encypted channel using a shared/established key.
Is it possible to securely authenticate via any other way or am I right in assuming that these are the only two classifications possible?
I feel that any other type of protocol would either be vulnerable to Man in the middle or Replay attacks.
EDIT: By encryption I mean keeping the nonce and other challenge responses secret