help-gnutls

Re: [Help-gnutls] Signing multicast traffic with gnutls API ?


From: Henning Rogge
Subject: Re: [Help-gnutls] Signing multicast traffic with gnutls API ?
Date: Fri, 31 Oct 2008 07:29:09 +0100
User-agent: KMail/1.10.1 (Linux/2.6.26-1-openvz-686; KDE/4.1.2; i686; ; )

On Thursday 30 October 2008 18:56:55, Nikos Mavrogiannopoulos wrote:

> Nikos Mavrogiannopoulos wrote:
> >> The easiest solution seems to sign a hash value of every package with an
> >> asymmetric public key and check this signature at the
> >> receiver/retransmitter.
> >
> > Actually you cannot use TLS as a protocol since you don't have peer to
> > peer communication to perform a handshake. You could use
> > gnutls_x509_privkey_sign_data() and verify_data().
>
> However you must know that replay/reordering attacks and maybe others
> are possible, so care must be taken to avoid those if they apply.

The flooding service already put a sequence number into the data, which should block replay/reordering attacks.

> It might be better to check if there is already a protocol for signing
> broadcasted data, and follow that.

Unfortunately I was unable to track down a good way to authenticate multihop flooding broadcasts.

Henning

*************************************************
Diplom Informatiker Henning Rogge
Forschungsgesellschaft für Angewandte Naturwissenschaften e. V. (FGAN)
Neuenahrer Str. 20, 53343 Wachtberg, Germany
Tel.: 0049 (0)228 9435-961
Fax: 0049 (0)228 9435-685
E-Mail: address@hidden
Web: www.fgan.de
************************************************
Registered office: Bonn
Register court: Amtsgericht Bonn VR 2530
Board: Dr. rer. nat. Ralf Dornhaus (Chair), Prof. Dr. Joachim Ender (Deputy)

Attachment: signature.asc
Description: This is a digitally signed message part.
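
Receiver-side use of the sequence number discussed in the message above, as an added example that is not part of the original post or of GnuTLS: a per-sender sliding window that drops duplicates and stale packets while still accepting the out-of-order delivery that multihop flooding produces. The struct, the function name and the 64-packet window are assumptions, and the check presumes the packet signature, which must cover the sequence number, has already been verified.

```c
#include <stdint.h>
#include <stdio.h>

#define WINDOW 64  /* assumed window size in packets; not from the thread */

/* Per-sender receive state (hypothetical; keep one per signing key). */
struct replay_state {
    uint32_t highest;  /* highest sequence number accepted so far */
    uint64_t seen;     /* bit i set => (highest - i) was already accepted */
    int started;       /* 0 until the first packet is accepted */
};

/* Call only after the signature over payload + sequence number verified.
 * Returns 1 to accept the packet, 0 to drop it. */
int replay_check(struct replay_state *st, uint32_t seq)
{
    if (!st->started) {
        st->started = 1;
        st->highest = seq;
        st->seen = 1;
        return 1;
    }
    uint32_t ahead = seq - st->highest;        /* modulo 2^32, survives wrap */
    if (ahead != 0 && ahead < 0x80000000u) {   /* newer than anything seen */
        st->seen = (ahead >= WINDOW) ? 0 : (st->seen << ahead);
        st->seen |= 1;
        st->highest = seq;
        return 1;
    }
    uint32_t age = st->highest - seq;          /* 0 means equal to highest */
    if (age >= WINDOW)
        return 0;                              /* too old to track: drop */
    if (st->seen & ((uint64_t)1 << age))
        return 0;                              /* duplicate: replay or echo */
    st->seen |= (uint64_t)1 << age;
    return 1;                                  /* late but new: reordered */
}

int main(void)
{
    /* Constructed arrival order: reordering, a duplicate, a jump, a stale one. */
    uint32_t arrivals[] = {10, 12, 11, 12, 200, 10};
    struct replay_state st = {0};
    for (size_t i = 0; i < sizeof arrivals / sizeof arrivals[0]; i++)
        printf("seq %u: %s\n", (unsigned)arrivals[i],
               replay_check(&st, arrivals[i]) ? "accept" : "drop");
    return 0;
}
```

The state has to be kept separately for each originator, since every sender runs its own counter.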

