path: root/doc/cha-auth.texi
author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2011-05-22 22:39:10 +0200
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2011-05-22 22:39:33 +0200
commit: 76193fc1e552eac3096af9b61770cf35c8fa1b23
tree: 96838334fc2e824d147ee80194e6bbde9f0dc495 /doc/cha-auth.texi
parent: 8da833f2352269e3c4757734cec1ea2facb235d9
Discussed the newly added ciphersuites.
Diffstat (limited to 'doc/cha-auth.texi')
-rw-r--r-- doc/cha-auth.texi 27
1 files changed, 22 insertions, 5 deletions
diff --git a/doc/cha-auth.texi b/doc/cha-auth.texi
index 73e8c23665..b359af9b18 100644
--- a/doc/cha-auth.texi
+++ b/doc/cha-auth.texi
@@ -167,18 +167,31 @@ In the EXPORT algorithm, the server signs temporary RSA parameters of
client.
@item DHE_RSA:
-The RSA algorithm is used to sign Ephemeral Diffie-Hellman parameters
+The RSA algorithm is used to sign ephemeral Diffie-Hellman parameters
which are sent to the peer. The key in the certificate must allow the
key to be used for signing. Note that key exchange algorithms which
-use Ephemeral Diffie-Hellman parameters, offer perfect forward
+use ephemeral Diffie-Hellman parameters, offer perfect forward
+secrecy. That means that even if the private key used for signing is
+compromised, it cannot be used to reveal past session data.
+
+@item ECDHE_RSA:
+The RSA algorithm is used to sign ephemeral elliptic curve Diffie-Hellman
+parameters which are sent to the peer. The key in the certificate must allow
+the key to be used for signing. It also offers perfect forward
secrecy. That means that even if the private key used for signing is
compromised, it cannot be used to reveal past session data.
@item DHE_DSS:
-The DSS algorithm is used to sign Ephemeral Diffie-Hellman parameters
+The DSA algorithm is used to sign ephemeral Diffie-Hellman parameters
which are sent to the peer. The certificate must contain DSA
-parameters to use this key exchange algorithm. DSS stands for Digital
-Signature Standard.
+parameters to use this key exchange algorithm. DSA is the algorithm
+of the Digital Signature Standard (DSS).
+
+@item ECDHE_ECDSA:
+The Elliptic curve DSA algorithm is used to sign ephemeral elliptic
+curve Diffie-Hellman parameters which are sent to the peer. The
+certificate must contain ECDSA parameters to use this key exchange
+algorithm.
@end table
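Review bot: The new ECDHE_ECDSA item stops at the certificate requirement and never mentions forward secrecy, while the ECDHE_RSA item added just above it does ("It also offers perfect forward secrecy"). Both items describe signing ephemeral elliptic curve Diffie-Hellman parameters, so the omission reads as if ECDHE_ECDSA lacked the property. Suggest adding the same sentence to ECDHE_ECDSA (DHE_DSS has the same gap), or stating the property once for all ephemeral key exchanges instead of repeating it per item. Minor: "Elliptic curve DSA" is capitalized mid-sentence, unlike "elliptic curve Diffie-Hellman" elsewhere in the hunk, and the comma in "parameters, offer perfect forward" separates subject from verb and could be dropped while that line is being touched anyway.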
@@ -205,6 +218,10 @@ Supported anonymous key exchange algorithms:
@item ANON_DH:
This algorithm exchanges Diffie-Hellman parameters.
+@item ANON_ECDH:
+This algorithm exchanges elliptic curve Diffie-Hellman parameters. It is more
+efficient than ANON_DH on equivalent security levels.
+
@end table
@node Authentication using SRP
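Review bot: In the ANON_ECDH item, "on equivalent security levels" should read "at equivalent security levels", and the efficiency claim would be more useful if it said what is cheaper (computation, message size, or both). The blank line added before @end table is also inconsistent with the ANON_DH item, which has none after it; either separate every item with a blank line or drop this one.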