rfc: verify-ssh
From: Nikos Mavrogiannopoulos
Subject: rfc: verify-ssh
Date: Sat, 28 Jan 2012 14:09:26 +0100
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.24) Gecko/20111114 Icedove/3.1.16
Hello,
I've added two new functions, gnutls_verify_stored_pubkey() and
gnutls_store_pubkey() [0], that allow for SSH-style authentication.
That is, they allow trusting public keys from certificates associated
with a hostname and a service, based on whether they have been seen before.
This by itself is not really much, but used in a hybrid model where
certificates are verified using the trusted certificate list _and_ the
known public keys, it would increase security overall, as a compromise
of a CA would not be enough to perform a man-in-the-middle attack.
Comments on the idea and the implementation are welcome.
regards,
Nikos
[0] http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=blob;f=lib/verify-ssh.c;h=8d6562f705a76ae7f4be4304b433f2aec4191e26;hb=HEAD
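The hybrid model the mail proposes (CA verification _and_ a per-host, per-service record of the public key already seen), as an added example in C that is not part of the post and not GnuTLS's own code. The real functions live in the linked verify-ssh.c; everything here is an assumption of the example: the function names verify_stored_pubkey/store_pubkey/hybrid_accept, the in-memory pin store, the FNV-1a fingerprint standing in for a SHA-256 of the SubjectPublicKeyInfo, the result codes, and the rule that an expired pin counts as never seen. The sample keys are constructed byte strings, not real DER keys.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <stddef.h>
#include <time.h>

#define MAX_ENTRIES 16

/* Result codes of this example's pin check (names are the example's own). */
enum pin_result { PIN_MATCH = 0, PIN_NOT_FOUND = -1, PIN_MISMATCH = -2, PIN_DB_FULL = -3 };

struct pin_entry {
    char host[64];
    char service[16];
    uint64_t fp;      /* fingerprint of the public key bytes */
    time_t expires;   /* 0 means the pin never expires */
};

struct pin_db {
    struct pin_entry e[MAX_ENTRIES];
    size_t n;
};

/* FNV-1a 64-bit over the key bytes. Illustrative only: a real store would
 * fingerprint with SHA-256 over the SubjectPublicKeyInfo, never a non-cryptographic hash. */
static uint64_t fingerprint(const unsigned char *key, size_t len)
{
    uint64_t h = 1469598103934665603ULL;
    for (size_t i = 0; i < len; i++) {
        h ^= key[i];
        h *= 1099511628211ULL;
    }
    return h;
}

static struct pin_entry *find_pin(struct pin_db *db, const char *host, const char *service)
{
    for (size_t i = 0; i < db->n; i++)
        if (strcmp(db->e[i].host, host) == 0 && strcmp(db->e[i].service, service) == 0)
            return &db->e[i];
    return NULL;
}

/* Has this key been seen before for (host, service)? An expired pin is treated
 * as never seen so that a renewed key can be pinned afresh (assumption of this example). */
int verify_stored_pubkey(struct pin_db *db, const char *host, const char *service,
                         const unsigned char *key, size_t len, time_t now)
{
    struct pin_entry *p = find_pin(db, host, service);
    if (p == NULL || (p->expires != 0 && now > p->expires))
        return PIN_NOT_FOUND;
    return p->fp == fingerprint(key, len) ? PIN_MATCH : PIN_MISMATCH;
}

/* Pin (or re-pin) the key for (host, service); expires == 0 means forever. */
int store_pubkey(struct pin_db *db, const char *host, const char *service,
                 const unsigned char *key, size_t len, time_t expires)
{
    struct pin_entry *p = find_pin(db, host, service);
    if (p == NULL) {
        if (db->n == MAX_ENTRIES)
            return PIN_DB_FULL;
        p = &db->e[db->n++];
        snprintf(p->host, sizeof p->host, "%s", host);
        snprintf(p->service, sizeof p->service, "%s", service);
    }
    p->fp = fingerprint(key, len);
    p->expires = expires;
    return 0;
}

/* Hybrid policy: ca_verified is the result of the ordinary chain check against the
 * trusted CA list (computed elsewhere). The key must ALSO match the pin for this
 * host/service; a first contact is pinned (trust on first use). Returns 1 = accept. */
int hybrid_accept(struct pin_db *db, const char *host, const char *service,
                  int ca_verified, const unsigned char *key, size_t len, time_t now)
{
    if (!ca_verified)
        return 0;
    switch (verify_stored_pubkey(db, host, service, key, len, now)) {
    case PIN_MATCH:
        return 1;
    case PIN_NOT_FOUND:
        return store_pubkey(db, host, service, key, len, 0) == 0;
    default:
        /* CA-valid certificate carrying a different key: exactly what a
         * compromised CA would produce for a man-in-the-middle. */
        return 0;
    }
}

int main(void)
{
    const unsigned char key_a[] = "constructed-key-A";   /* constructed sample keys */
    const unsigned char key_b[] = "constructed-key-B";
    struct pin_db db;
    memset(&db, 0, sizeof db);
    printf("first contact, CA ok:  %d\n", hybrid_accept(&db, "example.org", "https", 1, key_a, sizeof key_a, 1000));
    printf("same key, CA ok:       %d\n", hybrid_accept(&db, "example.org", "https", 1, key_a, sizeof key_a, 1000));
    printf("new key, CA ok:        %d\n", hybrid_accept(&db, "example.org", "https", 1, key_b, sizeof key_b, 1000));
    printf("pinned key, CA failed: %d\n", hybrid_accept(&db, "example.org", "https", 0, key_a, sizeof key_a, 1000));
    return 0;
}
```

The point of the combination is in the third and fourth cases: a certificate that chains to a trusted CA is still rejected when its key differs from the pinned one, and a pinned key is still rejected when the chain check fails, so neither a rogue CA nor a stolen pin is enough on its own. The pin is keyed by service as well as host, so a key seen on "https" says nothing about "imaps" on the same name, matching the hostname-plus-service scope in the mail.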