"known in advance" public key authentication?

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Nov 8 07:44:46 CET 2012


On 11/07/2012 10:18 PM, Ivan Shmakov wrote:
> 	OTOH, most of the data transferred over such a channel will
> 	either be public (and then either self-certifying or signed) or
> 	already encrypted anyway.  Thus, for a start, I may forget about
> 	authentication altogether.  Unfortunately, some fraction of the
> 	data is likely to be at least mildly sensitive, and apart from
> 	that, an authenticated channel opens a possibility of a DoS.

Without robust and reliable authentication of your peer, you can have no
guarantees of confidentiality.

Put another way: if you don't know who you are talking to, you cannot
have a private conversation.  You might be talking to the very person
you want to keep a secret from!

Association of a public key with a peer over an untrusted network is a
challenging problem.  Simply presenting a random public key at
connection time and expecting that the other peer will automatically know
it's the right one opens your application up to a MITM attack.

You seem to be leaning in the direction of an unauthenticated
connection; while that might be sufficient against an eavesdropping-only
attacker, I advise you to reconsider.  On the internet, it's not a large
leap to go from an eavesdropper to a MITM :(

	--dkg
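
The following is an added illustration of the point made in the message above; it is not code from the original post, from dkg, or from GnuTLS. It simulates one client connection three ways: no attacker, an active attacker against a client that accepts whatever key is presented, and the same attacker against a client that pins a public-key fingerprint it knows in advance. The group parameters are assumed to be the 1024-bit MODP group 2 from RFC 2409 but are used only as illustrative numbers, the XOR "cipher" is a toy, and the payload is constructed; none of it is meant for real use.

```python
"""Toy simulation: an unauthenticated key exchange is private against an
eavesdropper but not against an active attacker, while a client that already
knows the server's public key (pinning) detects the key substitution.

Constructed example, stdlib only.  The group parameters are assumed to be
RFC 2409 group 2 but are treated here purely as illustrative values; the
XOR "cipher" is a toy.  Do not reuse any of this in real code.
"""
import hashlib
import hmac
import secrets
from typing import Optional

# Assumed group parameters (intended to be RFC 2409 group 2; treat as toy values).
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2
NBYTES = 128  # P < 2**1024, so every group element fits in 128 bytes

MESSAGE = b"mildly sensitive data"  # constructed payload


def fingerprint(pub: int) -> str:
    """SHA-256 of the encoded public key: what a client would pin in advance."""
    return hashlib.sha256(pub.to_bytes(NBYTES, "big")).hexdigest()


class Party:
    """One endpoint holding a Diffie-Hellman key pair."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.priv = secrets.randbelow(P - 2) + 1
        self.pub = pow(G, self.priv, P)

    def session_key(self, peer_pub: int) -> bytes:
        shared = pow(peer_pub, self.priv, P)
        return hashlib.sha256(shared.to_bytes(NBYTES, "big")).digest()


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with an HMAC-SHA256 keystream (self-inverse)."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, counter.to_bytes(4, "big"), "sha256").digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def run_connection(server: Party, attacker: Optional[Party],
                   pinned: Optional[str]) -> dict:
    """Simulate one client connection.

    server:   long-lived server key pair (its fingerprint may be pinned).
    attacker: None for a passive eavesdropper, or a Party that actively
              substitutes its own public key in both directions.
    pinned:   fingerprint the client knows in advance, or None for
              "accept whatever key is presented".
    """
    client = Party("client")  # fresh ephemeral key per connection

    # Server -> client: server public key, possibly replaced by the attacker.
    presented = attacker.pub if attacker else server.pub
    if pinned is not None and fingerprint(presented) != pinned:
        return {"status": "aborted", "server_received": None, "attacker_read": None}
    client_key = client.session_key(presented)

    # Client -> server: client public key, likewise possibly replaced.
    server_key = server.session_key(attacker.pub if attacker else client.pub)

    ciphertext = xor_stream(client_key, MESSAGE)
    attacker_read = None
    if attacker:
        # Mallory negotiated one key with each side, so she decrypts, reads,
        # and re-encrypts; neither endpoint notices anything wrong.
        attacker_read = xor_stream(attacker.session_key(client.pub), ciphertext)
        ciphertext = xor_stream(attacker.session_key(server.pub), attacker_read)

    return {"status": "ok",
            "server_received": xor_stream(server_key, ciphertext),
            "attacker_read": attacker_read}


if __name__ == "__main__":
    bob, mallory = Party("server"), Party("mallory")
    pin = fingerprint(bob.pub)
    for label, atk, pinned in [("no attacker, unauthenticated", None, None),
                               ("MITM, unauthenticated", mallory, None),
                               ("MITM, pinned key", mallory, pin)]:
        print(f"{label}: {run_connection(bob, atk, pinned)}")
```

In the unauthenticated MITM run both endpoints derive working keys and the server receives the intact plaintext, so nothing on either side looks wrong, yet the attacker has read it. With the pin in place the client aborts before sending anything, which is the "known in advance" check the subject line asks about; what the example does not show is how that fingerprint reaches the client safely in the first place, which is the hard part dkg is pointing at.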



More information about the Gnutls-help mailing list