summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNikos Mavrogiannopoulos <nmav@gnutls.org>2013-05-05 18:52:05 +0300
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2013-05-05 18:52:30 +0300
commit157876c3cc6e53c55622e25d5b3ee76c94a72aae (patch)
tree334857c7260edd2d25c56bec55a09f148fdd4ab4
parent2a2fc29c73c9a364314755a9059c02c085876c5c (diff)
downloadgnutls-157876c3cc6e53c55622e25d5b3ee76c94a72aae.tar.gz
doc update
-rw-r--r--doc/cha-auth.texi11
1 files changed, 7 insertions, 4 deletions
diff --git a/doc/cha-auth.texi b/doc/cha-auth.texi
index d2f15063e2..4079985307 100644
--- a/doc/cha-auth.texi
+++ b/doc/cha-auth.texi
@@ -82,12 +82,15 @@ connection other channels over the Internet may be used, e.g., @acronym{DNSSEC}
@subsection Two peers and a trusted third party
-When a trusted third party is available the most suitable option is to use
+When a trusted third party is available (or a certificate authority)
+the most suitable option is to use
certificate authentication (see @ref{Certificate authentication}).
The client and the server obtain certificates that associate their identity
-and public keys in a reliable way and use them to on the subsequent
-communications with each other. Each party verifies the peer's certificate
-using the trusted third party's certificate.
+and public keys using a digital signature by the trusted party and use
+them to on the subsequent communications with each other.
+Each party verifies the peer's certificate using the trusted third party's
+signature. The parameters of the third party's signature are present
+in its certificate which must be available to all communicating parties.
While the above is the typical authentication method for servers in the
Internet by using the commercial CAs, the users that act as clients in the