| field | value | date |
|---|---|---|
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-01-14 13:51:16 +0100 |
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-01-14 13:51:16 +0100 |
| commit | 0ed881bd33f70f0bc211128a2ef1090952fa4337 (patch) | |
| tree | f468e30194c23f66ff2f8f9e09605bad3b594925 /doc/cha-intro-tls.texi | |
| parent | 09a762252deeadf602e7592671b6c3ed3b4c1132 (diff) | |
| download | gnutls-0ed881bd33f70f0bc211128a2ef1090952fa4337.tar.gz | |
properly spread authentication and credentials doc.
Diffstat (limited to 'doc/cha-intro-tls.texi')
| mode | file | lines |
|---|---|---|
| -rw-r--r-- | doc/cha-intro-tls.texi | 95 |
1 files changed, 0 insertions, 95 deletions
diff --git a/doc/cha-intro-tls.texi b/doc/cha-intro-tls.texi index 588b5cc7fc..f0063bf91b 100644 --- a/doc/cha-intro-tls.texi +++ b/doc/cha-intro-tls.texi 
@@ -343,101 +343,6 @@ The available authentication methods in @acronym{GnuTLS} follow. @end itemize -@float Table,tab:key-exchange -@multitable @columnfractions .2 .7 - -@headitem Key exchange @tab Description - -@item RSA @tab -The RSA algorithm is used to encrypt a key and send it to the peer. -The certificate must allow the key to be used for encryption. - -@item RSA_EXPORT @tab -The RSA algorithm is used to encrypt a key and send it to the peer. -In the EXPORT algorithm, the server signs temporary RSA parameters of -512 bits --- which are considered weak --- and sends them to the -client. - -@item DHE_RSA @tab -The RSA algorithm is used to sign ephemeral Diffie-Hellman parameters -which are sent to the peer. The key in the certificate must allow the -key to be used for signing. Note that key exchange algorithms which -use ephemeral Diffie-Hellman parameters, offer perfect forward -secrecy. That means that even if the private key used for signing is -compromised, it cannot be used to reveal past session data. - -@item ECDHE_RSA @tab -The RSA algorithm is used to sign ephemeral elliptic curve Diffie-Hellman -parameters which are sent to the peer. The key in the certificate must allow -the key to be used for signing. It also offers perfect forward -secrecy. That means that even if the private key used for signing is -compromised, it cannot be used to reveal past session data. - -@item DHE_DSS @tab -The DSA algorithm is used to sign ephemeral Diffie-Hellman parameters -which are sent to the peer. The certificate must contain DSA -parameters to use this key exchange algorithm. DSA is the algorithm -of the Digital Signature Standard (DSS). - -@item ECDHE_ECDSA @tab -The Elliptic curve DSA algorithm is used to sign ephemeral elliptic -curve Diffie-Hellman parameters which are sent to the peer. The -certificate must contain ECDSA parameters to use this key exchange -algorithm. 
- -@end multitable -@caption{Supported key exchange algorithms.} -@end float - -Each authentication method is associated with a key exchange method, shown -in @ref{tab:key-exchange}, and a credentials type. -The contents of the credentials is method-dependent, e.g. certificates -for certificate authentication and should be initialized and associated -with a session (see @funcref{gnutls_credentials_set}). A mapping of the key exchange methods -with the credential types is shown in @ref{tab:key-exchange-cred}. - -@float Table,tab:key-exchange-cred -@multitable @columnfractions .25 .25 .2 .2 - -@headitem Authentication method @tab Key exchange @tab Client credentials @tab Server credentials - -@item Certificate -@tab @code{KX_RSA}, -@code{KX_DHE_RSA}, -@code{KX_DHE_DSS}, -@code{KX_ECDHE_RSA}, -@code{KX_ECDHE_ECDSA}, -@code{KX_RSA_EXPORT} -@tab @code{CRD_CERTIFICATE} -@tab @code{CRD_CERTIFICATE} - -@item Password and certificate -@tab @code{KX_SRP_RSA}, @code{KX_SRP_DSS} -@tab @code{CRD_SRP} -@tab @code{CRD_CERTIFICATE}, @code{CRD_SRP} - -@item Password -@tab @code{KX_SRP} -@tab @code{CRD_SRP} -@tab @code{CRD_SRP} - -@item Anonymous -@tab @code{KX_ANON_DH}, -@code{KX_ANON_ECDH} -@tab @code{CRD_ANON} -@tab @code{CRD_ANON} - -@item Pre-shared key -@tab @code{KX_PSK}, -@code{KX_DHE_PSK}, @code{KX_ECDHE_PSK} -@tab @code{CRD_PSK} -@tab @code{CRD_PSK} - -@end multitable -@caption{Key exchange algorithms and the corresponding credential types.} -@end float - - @node Client Authentication @subsection Client authentication @cindex client certificate authentication |
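Review bot: this hunk deletes the anchors `@float Table,tab:key-exchange` and `@float Table,tab:key-exchange-cred` together with the paragraph that cross-references them via `@ref{tab:key-exchange}` and `@ref{tab:key-exchange-cred}`, but the diffstat for this file shows 0 insertions, so the tables' new home is not visible in this view; before merging, confirm that every remaining `@ref{tab:key-exchange}` and `@ref{tab:key-exchange-cred}` in the doc tree resolves to wherever the floats were moved, otherwise makeinfo will report undefined references. Also check that the `@funcref{gnutls_credentials_set}` pointer and the RSA_EXPORT caveat ("temporary RSA parameters of 512 bits --- which are considered weak") survive the move, since that caveat is the only security warning in the deleted key-exchange table and readers of the relocated text still need it.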