[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_11-52-g0ed881b
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_11-52-g0ed881b |
|
Date: |
Sat, 14 Jan 2012 13:16:04 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=0ed881bd33f70f0bc211128a2ef1090952fa4337
The branch, master has been updated
via 0ed881bd33f70f0bc211128a2ef1090952fa4337 (commit)
from 09a762252deeadf602e7592671b6c3ed3b4c1132 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 0ed881bd33f70f0bc211128a2ef1090952fa4337
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sat Jan 14 13:51:16 2012 +0100
properly spread authentication and credentials doc.
-----------------------------------------------------------------------
Summary of changes:
doc/cha-cert-auth.texi | 49 +++++++++++++++++++++++++
doc/cha-gtls-app.texi | 47 ++++++++++++++++++++++++
doc/cha-intro-tls.texi | 95 ------------------------------------------------
3 files changed, 96 insertions(+), 95 deletions(-)
diff --git a/doc/cha-cert-auth.texi b/doc/cha-cert-auth.texi
index 8dcb6e9..5253f5b 100644
--- a/doc/cha-cert-auth.texi
+++ b/doc/cha-cert-auth.texi
@@ -8,6 +8,55 @@ using a browser today. @acronym{GnuTLS} supports both
@acronym{X.509} certificates @xcite{PKIX} and @acronym{OpenPGP}
certificates using a common API.
+The key exchange algorithms supported by certificate authentication are
+shown in @ref{tab:key-exchange}.
+
address@hidden Table,tab:key-exchange
address@hidden @columnfractions .2 .7
+
address@hidden Key exchange @tab Description
+
address@hidden RSA @tab
+The RSA algorithm is used to encrypt a key and send it to the peer.
+The certificate must allow the key to be used for encryption.
+
address@hidden RSA_EXPORT @tab
+The RSA algorithm is used to encrypt a key and send it to the peer.
+In the EXPORT algorithm, the server signs temporary RSA parameters of
+512 bits --- which are considered weak --- and sends them to the
+client.
+
address@hidden DHE_RSA @tab
+The RSA algorithm is used to sign ephemeral Diffie-Hellman parameters
+which are sent to the peer. The key in the certificate must allow the
+key to be used for signing. Note that key exchange algorithms which
+use ephemeral Diffie-Hellman parameters, offer perfect forward
+secrecy. That means that even if the private key used for signing is
+compromised, it cannot be used to reveal past session data.
+
address@hidden ECDHE_RSA @tab
+The RSA algorithm is used to sign ephemeral elliptic curve Diffie-Hellman
+parameters which are sent to the peer. The key in the certificate must allow
+the key to be used for signing. It also offers perfect forward
+secrecy. That means that even if the private key used for signing is
+compromised, it cannot be used to reveal past session data.
+
address@hidden DHE_DSS @tab
+The DSA algorithm is used to sign ephemeral Diffie-Hellman parameters
+which are sent to the peer. The certificate must contain DSA
+parameters to use this key exchange algorithm. DSA is the algorithm
+of the Digital Signature Standard (DSS).
+
address@hidden ECDHE_ECDSA @tab
+The Elliptic curve DSA algorithm is used to sign ephemeral elliptic
+curve Diffie-Hellman parameters which are sent to the peer. The
+certificate must contain ECDSA parameters to use this key exchange
+algorithm.
+
address@hidden multitable
address@hidden key exchange algorithms.}
address@hidden float
+
@menu
* X.509 certificates::
* OpenPGP certificates::
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi
index 0541fd6..1a9f08a 100644
--- a/doc/cha-gtls-app.texi
+++ b/doc/cha-gtls-app.texi
@@ -310,6 +310,53 @@ current session using @funcref{gnutls_credentials_set}.
* Anonymous credentials::
@end menu
+Each authentication method is associated with a key exchange method, and a
credentials type.
+The contents of the credentials is method-dependent, e.g. certificates
+for certificate authentication and should be initialized and associated
+with a session (see @funcref{gnutls_credentials_set}). A mapping of the key
exchange methods
+with the credential types is shown in @ref{tab:key-exchange-cred}.
+
address@hidden Table,tab:key-exchange-cred
address@hidden @columnfractions .25 .25 .2 .2
+
address@hidden Authentication method @tab Key exchange @tab Client credentials
@tab Server credentials
+
address@hidden Certificate
address@hidden @code{KX_RSA},
address@hidden,
address@hidden,
address@hidden,
address@hidden,
address@hidden
address@hidden @code{CRD_CERTIFICATE}
address@hidden @code{CRD_CERTIFICATE}
+
address@hidden Password and certificate
address@hidden @code{KX_SRP_RSA}, @code{KX_SRP_DSS}
address@hidden @code{CRD_SRP}
address@hidden @code{CRD_CERTIFICATE}, @code{CRD_SRP}
+
address@hidden Password
address@hidden @code{KX_SRP}
address@hidden @code{CRD_SRP}
address@hidden @code{CRD_SRP}
+
address@hidden Anonymous
address@hidden @code{KX_ANON_DH},
address@hidden
address@hidden @code{CRD_ANON}
address@hidden @code{CRD_ANON}
+
address@hidden Pre-shared key
address@hidden @code{KX_PSK},
address@hidden, @code{KX_ECDHE_PSK}
address@hidden @code{CRD_PSK}
address@hidden @code{CRD_PSK}
+
address@hidden multitable
address@hidden exchange algorithms and the corresponding credential types.}
address@hidden float
+
@node Certificate credentials
@subsection Certificates
@subsubheading Server certificate authentication
diff --git a/doc/cha-intro-tls.texi b/doc/cha-intro-tls.texi
index 588b5cc..f0063bf 100644
--- a/doc/cha-intro-tls.texi
+++ b/doc/cha-intro-tls.texi
@@ -343,101 +343,6 @@ The available authentication methods in @acronym{GnuTLS}
follow.
@end itemize
address@hidden Table,tab:key-exchange
address@hidden @columnfractions .2 .7
-
address@hidden Key exchange @tab Description
-
address@hidden RSA @tab
-The RSA algorithm is used to encrypt a key and send it to the peer.
-The certificate must allow the key to be used for encryption.
-
address@hidden RSA_EXPORT @tab
-The RSA algorithm is used to encrypt a key and send it to the peer.
-In the EXPORT algorithm, the server signs temporary RSA parameters of
-512 bits --- which are considered weak --- and sends them to the
-client.
-
address@hidden DHE_RSA @tab
-The RSA algorithm is used to sign ephemeral Diffie-Hellman parameters
-which are sent to the peer. The key in the certificate must allow the
-key to be used for signing. Note that key exchange algorithms which
-use ephemeral Diffie-Hellman parameters, offer perfect forward
-secrecy. That means that even if the private key used for signing is
-compromised, it cannot be used to reveal past session data.
-
address@hidden ECDHE_RSA @tab
-The RSA algorithm is used to sign ephemeral elliptic curve Diffie-Hellman
-parameters which are sent to the peer. The key in the certificate must allow
-the key to be used for signing. It also offers perfect forward
-secrecy. That means that even if the private key used for signing is
-compromised, it cannot be used to reveal past session data.
-
address@hidden DHE_DSS @tab
-The DSA algorithm is used to sign ephemeral Diffie-Hellman parameters
-which are sent to the peer. The certificate must contain DSA
-parameters to use this key exchange algorithm. DSA is the algorithm
-of the Digital Signature Standard (DSS).
-
address@hidden ECDHE_ECDSA @tab
-The Elliptic curve DSA algorithm is used to sign ephemeral elliptic
-curve Diffie-Hellman parameters which are sent to the peer. The
-certificate must contain ECDSA parameters to use this key exchange
-algorithm.
-
address@hidden multitable
address@hidden key exchange algorithms.}
address@hidden float
-
-Each authentication method is associated with a key exchange method, shown
-in @ref{tab:key-exchange}, and a credentials type.
-The contents of the credentials is method-dependent, e.g. certificates
-for certificate authentication and should be initialized and associated
-with a session (see @funcref{gnutls_credentials_set}). A mapping of the key
exchange methods
-with the credential types is shown in @ref{tab:key-exchange-cred}.
-
address@hidden Table,tab:key-exchange-cred
address@hidden @columnfractions .25 .25 .2 .2
-
address@hidden Authentication method @tab Key exchange @tab Client credentials
@tab Server credentials
-
address@hidden Certificate
address@hidden @code{KX_RSA},
address@hidden,
address@hidden,
address@hidden,
address@hidden,
address@hidden
address@hidden @code{CRD_CERTIFICATE}
address@hidden @code{CRD_CERTIFICATE}
-
address@hidden Password and certificate
address@hidden @code{KX_SRP_RSA}, @code{KX_SRP_DSS}
address@hidden @code{CRD_SRP}
address@hidden @code{CRD_CERTIFICATE}, @code{CRD_SRP}
-
address@hidden Password
address@hidden @code{KX_SRP}
address@hidden @code{CRD_SRP}
address@hidden @code{CRD_SRP}
-
address@hidden Anonymous
address@hidden @code{KX_ANON_DH},
address@hidden
address@hidden @code{CRD_ANON}
address@hidden @code{CRD_ANON}
-
address@hidden Pre-shared key
address@hidden @code{KX_PSK},
address@hidden, @code{KX_ECDHE_PSK}
address@hidden @code{CRD_PSK}
address@hidden @code{CRD_PSK}
-
address@hidden multitable
address@hidden exchange algorithms and the corresponding credential types.}
address@hidden float
-
-
@node Client Authentication
@subsection Client authentication
@cindex client certificate authentication
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_3_0_11-52-g0ed881b,
Nikos Mavrogiannopoulos <=