rfc: verify-ssh

gnutls-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

rfc: verify-ssh

From:	Nikos Mavrogiannopoulos
Subject:	rfc: verify-ssh
Date:	Sat, 28 Jan 2012 14:09:26 +0100
User-agent:	Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.24) Gecko/20111114 Icedove/3.1.16

Hello,
 I've added two new functions gnutls_verify_stored_pubkey() and
gnutls_store_pubkey() [0], that allow for an SSH-style authentication.
That is they allow to trust public keys from certificates associated
with a hostname and a service, based on whether they have been seen before.

This by itself is not really much, but using it in a hybrid model where
certificates are verified using the trusted certificate list _and_ the
known public keys, it would increase security overall, as a compromise
of a CA would not be enough to perform man-in-the-middle.

Comments on the idea and the implementation are welcome.

regards,
Nikos

[0].
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=blob;f=lib/verify-ssh.c;h=8d6562f705a76ae7f4be4304b433f2aec4191e26;hb=HEAD

[Prev in Thread]

Current Thread

[Next in Thread]

rfc: verify-ssh, Nikos Mavrogiannopoulos <=
- Re: rfc: verify-ssh, Daniel Kahn Gillmor, 2012/01/31
  - Re: rfc: verify-ssh, Nikos Mavrogiannopoulos, 2012/01/31
    - Re: rfc: verify-ssh, Daniel Kahn Gillmor, 2012/01/31

Prev by Date: Re: NXWEB 3.0 is out (adds SSL, http proxy, and even better performance)
Next by Date: Invitation to connect on LinkedIn
Previous by thread: NXWEB 3.0 is out (adds SSL, http proxy, and even better performance)
Next by thread: Re: rfc: verify-ssh
Index(es):
- Date
- Thread