Authenticating TCP connections based on public keys
Christian Stork
cstork at ics.uci.edu
Wed Sep 29 16:36:52 CEST 2004
On Wed, Sep 29, 2004 at 12:36:04PM +0200, Janusz A. Urbanowicz wrote:
> On Mon, Sep 27, 2004 at 02:12:55PM -0700, Christian Stork wrote:
> > Hi,
> >
> > I have a potentially naive question so please forgive me if I missed an
> > obvious answer or if this is not the appropriate list (at least I know
> > it's not an FAQ):
> >
> > Assume I'm running a service for certain peers. My server knows the
> > public keys of each peer. How can I use GPG (or any of its subprojects)
> > to authenticate an incoming connection based on these public keys? Is
> > there a standard for this case?
> >
> > (I'm interested in keeping the administrative overhead as low as
> > possible, which is why extra SSL certificates etc. are out of the question.)
>
> You have to do key distribution in some way anyway (unless you want to use
> already distributed keys), so why not use certs? SSL is the thing you want
> anyway. Or possibly SSH port tunneling. Or IPSec. SSL/TLS is still the main
> answer to the question you asked.
Well, as I said, the GPG keys are already in place and the certs aren't.
Could I use GPG keys as certs? Or how about a nice challenge-response
protocol based on GPG keys?

Anyway, thanks for your answer, Alex.
--
Chris Stork <> Support eff.org! <> http://www.ics.uci.edu/~cstork/
OpenPGP fingerprint: B08B 602C C806 C492 D069 021E 41F3 8C8D 50F9 CA2F