From: Henning Rogge
Subject: Re: [Help-gnutls] Signing multicast traffic with gnutls API ?
Date: Fri, 31 Oct 2008 07:29:09 +0100
User-agent: KMail/1.10.1 (Linux/2.6.26-1-openvz-686; KDE/4.1.2; i686; ; )
On Thursday 30 October 2008 18:56:55 Nikos Mavrogiannopoulos wrote:
> Nikos Mavrogiannopoulos wrote:
> > The easiest solution seems to sign a hash value of every package
> > with an asymmetric public key and check this signature at the
> > receiver/retransmitter.
>
> Actually you cannot use TLS as a protocol since you don't have peer to
> peer communication to perform a handshake. You could use
> gnutls_x509_privkey_sign_data() and verify_data().
> However you must know that replay/reordering attacks and maybe others
> are possible, so care must be taken to avoid those if they apply.

The flooding service already puts a sequence number into the data, which
should block replay/reordering attacks.

> It might be better to check if there is already a protocol for signing
> broadcasted data, and follow that.

Unfortunately I was unable to track down a good way to authenticate
multihop flooding broadcasts.

Henning

*************************************************
Diplom Informatiker Henning Rogge
Forschungsgesellschaft für Angewandte Naturwissenschaften e. V. (FGAN)
Neuenahrer Str. 20, 53343 Wachtberg, Germany
Tel.: 0049 (0)228 9435-961 Fax: 0049 (0)228 9435-685
E-Mail: address@hidden Web: www.fgan.de
************************************************
Sitz der Gesellschaft: Bonn Registergericht: Amtsgericht Bonn VR 2530
Vorstand: Dr. rer. nat. Ralf Dornhaus (Vors.), Prof. Dr. Joachim Ender (Stellv.)
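An added example (not code from this thread or from GnuTLS) of the scheme the exchange converges on: every flooded packet is signed with an asymmetric key, and the sequence number sits inside the signed bytes so the receiver can reject replayed or reordered copies. Go's standard-library Ed25519 stands in for gnutls_x509_privkey_sign_data()/verify_data(); the packet layout and the "strictly newer than the last accepted sequence number" rule are assumptions, not something the thread specifies.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
)

// Packet is a constructed flooding message; Seq is covered by Sig, so it cannot be changed or stripped.
type Packet struct {
	Seq     uint32
	Payload []byte
	Sig     []byte
}

// signedBytes is the exact byte string the originator signs and every receiver verifies.
func signedBytes(seq uint32, payload []byte) []byte {
	buf := make([]byte, 4+len(payload))
	binary.BigEndian.PutUint32(buf, seq)
	copy(buf[4:], payload)
	return buf
}

// Sign builds one packet; Ed25519 stands in for the X.509 key signing named in the thread.
func Sign(priv ed25519.PrivateKey, seq uint32, payload []byte) Packet {
	return Packet{Seq: seq, Payload: payload, Sig: ed25519.Sign(priv, signedBytes(seq, payload))}
}

// Receiver remembers the highest sequence number accepted from one originator (assumed layout).
type Receiver struct {
	pub     ed25519.PublicKey
	lastSeq uint32
	seen    bool
}
var (
	ErrBadSig = errors.New("signature check failed")
	ErrReplay = errors.New("sequence number not newer than last accepted (replay or reorder)")
)

// Accept verifies first, so a forged packet can never advance lastSeq, then rejects
// anything not strictly newer; gaps are tolerated because flooding may drop packets.
func (r *Receiver) Accept(p Packet) error {
	if !ed25519.Verify(r.pub, signedBytes(p.Seq, p.Payload), p.Sig) {
		return ErrBadSig
	}
	if r.seen && p.Seq <= r.lastSeq {
		return ErrReplay
	}
	r.lastSeq, r.seen = p.Seq, true
	return nil
}
```

A real deployment would also need one Receiver state per originator and a plan for sequence-number wraparound or originator restart, neither of which the thread discusses.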