diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2005-11-01 21:50:22 +0000 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2005-11-01 21:50:22 +0000 |
| commit | b609d5c4f2c7381186e9522ccb6057288b0c71c2 (patch) | |
| tree | ff5fedc0ef1ee8407212e2af4eb5640086ed550a | |
| parent | a0c918dfb106496f93166af8282c3e87bfab9395 (diff) | |
| download | gnutls-b609d5c4f2c7381186e9522ccb6057288b0c71c2.tar.gz | |
better output for non-tex formats.
| -rw-r--r-- | doc/gnutls.texi | 13 | ||||
| -rw-r--r-- | doc/signatures.texi | 10 |
2 files changed, 15 insertions, 8 deletions
diff --git a/doc/gnutls.texi b/doc/gnutls.texi index 40dd7be15b..a1e65347c4 100644 --- a/doc/gnutls.texi +++ b/doc/gnutls.texi @@ -1187,6 +1187,7 @@ int main() @menu * The X.509 trust model:: * The OpenPGP trust model:: +* Digital signatures:: @end menu @node The X.509 trust model @@ -1210,7 +1211,6 @@ handling @acronym{X.509} certificates is described at section @menu * X.509 certificates:: * Verifying X.509 certificate paths:: -* Digital signatures:: * PKCS #10 certificate requests:: * PKCS #12 structures:: @end menu @@ -1381,11 +1381,6 @@ about the peer's identity. It is required to verify if the certificate's owner is the one you expect. For more information consult @mybibcite{RFC2818} and section @ref{ex:verify} for an example. -@node Digital signatures -@subsection Digital signatures -@cindex Digital signatures -@include signatures.texi - @node PKCS #10 certificate requests @subsection @acronym{PKCS} #10 certificate requests @cindex Certificate requests @@ -1498,6 +1493,12 @@ These algorithms have been broken and should not be trusted. @end table +@node Digital signatures +@section Digital signatures +@cindex Digital signatures +@include signatures.texi + + @node How to use TLS in application protocols @chapter How to use @acronym{TLS} in application protocols diff --git a/doc/signatures.texi b/doc/signatures.texi index db24f93a1a..c263af05d9 100644 --- a/doc/signatures.texi +++ b/doc/signatures.texi @@ -63,10 +63,16 @@ The last two requirements in the list are the most important in digital signatur against somebody who would like to generate two messages with the same hash output. When an algorithm is considered broken usually it means that the Collision resistance of the algorithm is less than brute force. Using the birthday paradox the brute force attack takes -@math{2^{hash size \over 2}}operations. Today colliding certificates using the MD5 hash algorithm +@iftex +@math{2^{\texttt{hash size} \over 2}} +@end iftex +@ifnottex +@math{2^(hash size / 2)} +@end ifnottex +operations. Today colliding certificates using the MD5 hash algorithm have been generated as shown in @mybibcite{WEGER}. -@subsubsection Trading security for interoperability +@subsection Trading security for interoperability If you connect to a server and use GnuTLS' functions to verify the certificate chain, and get a @ref{GNUTLS_CERT_INSECURE_ALGORITHM} |