[Help-gnutls] Signing multicast traffic with gnutls API ?
Nikos Mavrogiannopoulos
nmav at gnutls.org
Thu Oct 30 18:56:55 CET 2008
Nikos Mavrogiannopoulos wrote:
>> The easiest sollution seems to sign a hash value of every package
with a
>> asymmetric public key and check this signature at the
>> receiver/retransmitter.
> Actually you cannot use TLS as a protocol since you don't have peer to
> peer communication to perform a handshake. You could use
> gnutls_x509_privkey_sign_data() and verify_data().
However you must know that replay/reordering attacks and maybe others
are possible, so care must be taken to avoid those if they apply. It
might be better to check if there is already a protocol for signing
broadcasted data, and follow that.
regards,
Nikos
More information about the Gnutls-help
mailing list