Re: "known in advance" public key authentication?
From: Ivan Shmakov
Subject: Re: "known in advance" public key authentication?
Date: Wed, 07 Nov 2012 23:32:27 +0700
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/23.2 (gnu/linux)
>>>>> Daniel Kahn Gillmor <address@hidden> writes:
[…]
> I think the OP may want to avoid calling
> gnutls_certificate_verify_peers2, and write their own function to be
> passed to gnutls_certificate_set_verify_function that just compares
> the certificate received against a local file.
The problem is that I'd need to either pass around an otherwise
superfluous X.509 (private key, certificate) file, or to create
it when a connection is to be established.
> https://www.gnu.org/software/gnutls/manual/html_node/Certificate-credentials.html
> Alternately (for a bit more flexibility in re-keying, should that
> come up, at the cost of extra administrative overhead), the OP could
> run their own X.509 or OpenPGP signing authority; then ship that
> signing authority with both peers, and use it to sign the
> certificates of either peer.
To put it short, the application in question uses
“self-certified identifiers”; i. e., the public key /is/ the
identifier of the peer. Thus, there doesn't seem to be any
reason whatsoever to sign the public keys used, and both X.509
and OpenPGP hence become of little use.
--
FSF associate member #7257
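
Added example (not part of the original message, and not code from the GnuTLS project): a sketch of the approach in the quoted suggestion, where a callback installed with gnutls_certificate_set_verify_function accepts the peer only if its DER certificate is byte-identical to a locally stored copy. The names pin_matches, pinned_verify, install_pin, pinned_der, pinned_der_len and the WITH_GNUTLS build switch are assumptions made for this illustration.

```c
#include <stddef.h>
#include <string.h>

/* Returns 1 only when the received DER blob is byte-identical to the pinned
 * copy. Lengths are compared first, so a truncated certificate that is a
 * prefix of the pinned one is rejected, as is an empty or missing pin. */
int pin_matches(const unsigned char *peer, size_t peer_len,
                const unsigned char *pinned, size_t pinned_len)
{
    if (peer == NULL || pinned == NULL || pinned_len == 0)
        return 0;
    if (peer_len != pinned_len)
        return 0;
    return memcmp(peer, pinned, pinned_len) == 0;
}

#ifdef WITH_GNUTLS /* assumption: build with -DWITH_GNUTLS and link -lgnutls */
#include <gnutls/gnutls.h>

/* Hypothetical globals: the pinned certificate in DER form, read from the
 * local file by the application before any connection is made. */
extern const unsigned char *pinned_der;
extern size_t pinned_der_len;

/* Verify callback: 0 lets the handshake continue, non-zero aborts it.
 * gnutls_certificate_verify_peers2 is deliberately not called here. */
static int pinned_verify(gnutls_session_t session)
{
    unsigned int n = 0;
    const gnutls_datum_t *chain;

    if (gnutls_certificate_type_get(session) != GNUTLS_CRT_X509)
        return GNUTLS_E_CERTIFICATE_ERROR;
    chain = gnutls_certificate_get_peers(session, &n);
    if (chain == NULL || n == 0)
        return GNUTLS_E_CERTIFICATE_ERROR; /* peer sent no certificate */
    /* chain[0] is the peer's own (end-entity) certificate. */
    if (!pin_matches(chain[0].data, chain[0].size, pinned_der, pinned_der_len))
        return GNUTLS_E_CERTIFICATE_ERROR;
    return 0;
}

/* Register the callback on the credentials used for the session. */
void install_pin(gnutls_certificate_credentials_t cred)
{
    gnutls_certificate_set_verify_function(cred, pinned_verify);
}
#endif
```

Pinning the whole certificate means a re-issued certificate over the same key no longer matches; the stored copy has to be replaced along with it.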