author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2013-06-03 21:09:01 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2013-06-03 21:09:01 +0200 |
commit | ff5179b7dd1a17bd28af962cf35e463ccefeb98d (patch) | |
tree | 076c35371a083d73ef844e5b19e23224f8429d11 /doc/cha-shared-key.texi | |
parent | 0cd5745d2f05313e7ab5a9284eb4c0ee41f9f598 (diff) | |
download | gnutls-ff5179b7dd1a17bd28af962cf35e463ccefeb98d.tar.gz |
discourage usage of anonymous authentication
Diffstat (limited to 'doc/cha-shared-key.texi')
-rw-r--r-- | doc/cha-shared-key.texi | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/doc/cha-shared-key.texi b/doc/cha-shared-key.texi index 5931070807..bbc83e6f55 100644 --- a/doc/cha-shared-key.texi +++ b/doc/cha-shared-key.texi @@ -128,8 +128,10 @@ The anonymous key exchange offers encryption without any indication of the peer's identity. This kind of authentication is vulnerable to a man in the middle attack, but can be used even if there is no prior communication or shared trusted parties -with the peer. Moreover it is useful when complete anonymity is required. -Unless in one of the above cases, do not use anonymous authentication. +with the peer. Nevertheless it is useful when complete anonymity is required. + +Unless in the above case, it is not recommended to use anonymous authentication. An alternative +with better properties is trust on first use (see @ref{Verifying a certificate using trust on first use authentication}). The available key exchange algorithms for anonymous authentication are shown below, but note that few public servers support them. They typically |
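Review bot: In the added paragraph, "Unless in the above case" does not say which case is meant. The preceding sentence still describes two situations (no prior communication or shared trusted parties with the peer, and complete anonymity), and the removed text read "one of the above cases". Naming the exception directly would remove the ambiguity, for example "Unless complete anonymity is required, anonymous authentication is not recommended." The phrase "better properties" is also vague for a sentence that steers readers away from a key exchange the same paragraph calls vulnerable to a man in the middle attack; a short clause saying what trust on first use provides would make the recommendation actionable. Two smaller points: the two added lines are much longer than the wrapped lines around them, and the @ref target should be confirmed against the exact node name, which is not visible in this hunk.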