Fwd: [Help-gnutls] Re: Authentication during Handshake
From: Nikos Mavrogiannopoulos
Subject: Fwd: [Help-gnutls] Re: Authentication during Handshake
Date: Tue, 20 May 2008 02:53:10 +0300

On Mon, May 19, 2008 at 11:38 PM, Rainer Gerhards <address@hidden> wrote:
> Hi Simon,
>
> I am working on both the client and server sides.
>
> What gives me most problems is the fingerprint authentication. In
> essence, each peer has a list of valid (remote peer's) certificate
> fingerprints. If the actual cert's fingerprint is in this list, the
> remote peer is successfully authenticated. This is an alternate auth
> mode that does not require pki.

Actually this is a hack. As far as I remember there was no standard
way to fingerprint a certificate. MD5 was widely used for this but it
is broken now.

The alternative modes of TLS/SSL that do not require PKI are TLS-SRP
(rfc5054) and TLS-PSK (preshared keys - rfc 4279). These are the
straightforward ways to use TLS without PKI (certificates). Then it is
obvious to everybody how to perform the TLS handshake - if the shared
keys do not match it fails. Gnutls supports both of these modes.
Please suggest these to the authors of the protocol you're referencing.

regards,
Nikos
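
The fingerprint allow-list check described in the quoted message, as an added example (not code from this thread or from GnuTLS): it hashes the peer certificate's DER encoding with SHA-256 and refuses MD5 pins. The `ALG:hex` pin format, the function names and the sample bytes are assumptions made for illustration.

```python
import hashlib
import hmac

# Digests accepted for pinning. MD5 is refused because, as the message
# notes, it is broken; refusing SHA-1 as well is a choice of this example.
ALLOWED_DIGESTS = {"sha256", "sha384", "sha512"}


def parse_pin(entry):
    """Parse 'ALG:hex' (colons, spaces, case tolerated) -> (alg, digest)."""
    alg, sep, hexpart = entry.strip().partition(":")
    alg = alg.lower().replace("-", "")
    if not sep or alg not in ALLOWED_DIGESTS:
        raise ValueError(f"unsupported or missing digest in {entry!r}")
    raw = bytes.fromhex(hexpart.replace(":", "").replace(" ", ""))
    if len(raw) != hashlib.new(alg).digest_size:
        raise ValueError(f"wrong digest length for {alg} in {entry!r}")
    return alg, raw


def load_pins(entries):
    """Parse the whole list up front so a bad entry fails at config time."""
    return [parse_pin(e) for e in entries]


def peer_is_pinned(cert_der, pins):
    """True if the peer certificate's DER encoding matches any pin."""
    cache = {}  # digest of cert_der per algorithm, computed at most once
    matched = False
    for alg, want in pins:
        if alg not in cache:
            cache[alg] = hashlib.new(alg, cert_der).digest()
        # Constant-time compare; no early exit on the first match.
        matched |= hmac.compare_digest(cache[alg], want)
    return matched


# Constructed stand-in bytes, not real certificates. On a live connection
# the DER bytes would come from ssl.SSLSocket.getpeercert(binary_form=True).
CERT_A = b"constructed-der-bytes-for-peer-A"
CERT_B = b"constructed-der-bytes-for-peer-B"

hex_a = hashlib.sha256(CERT_A).hexdigest().upper()
PIN_A = "SHA256:" + ":".join(hex_a[i:i + 2] for i in range(0, len(hex_a), 2))
PINS = load_pins([PIN_A])

if __name__ == "__main__":
    print("peer A accepted:", peer_is_pinned(CERT_A, PINS))
    print("peer B accepted:", peer_is_pinned(CERT_B, PINS))
```

The check runs after the handshake has produced the peer certificate, so a mismatch must close the connection before any application data is exchanged.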