help-gnutls
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: "known in advance" public key authentication?

From: Daniel Kahn Gillmor
Subject: Re: "known in advance" public key authentication?
Date: Thu, 08 Nov 2012 01:44:46 -0500
User-agent: Mozilla/5.0 (X11; Linux i686; rv:10.0.10) Gecko/20121028 Icedove/10.0.10 
On 11/07/2012 10:18 PM, Ivan Shmakov wrote:
>       OTOH, most of the data transferred over such a channel will
>       either be public (and then either self-certifying or signed) or
>       already encrypted anyway.  Thus, for a start, I may forget about
>       authentication altogether.  Unfortunately, some fraction of the
>       data is likely to be at least mildly sensitive, and apart from
>       that, an authenticated channel opens a possibility of a DoS.

Without robust and reliable authentication of your peer, you can have no
guarantees of confidentiality.

Put another way: if you don't know who you are talking to, you cannot
have a private conversation.  You might be talking to the very person
you want to keep a secret from!

Association of a public key with a peer over an untrusted network is a
challenging problem.  Simply presenting a random public key at
connection time and expecting the other peer will automatically know
it's the right one opens your application up to a MITM attack.

You seem to be leaning in the direction of an unauthenticated
connection; while that might be sufficient against an eavesdropping-only
attacker, i advise you to reconsider.  On the internet, it's not a large
leap to go from an eavesdropper to a MITM :(

        --dkg

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]