author Nikos Mavrogiannopoulos <nmav@gnutls.org> 2013-06-03 21:09:01 +0200
committer Nikos Mavrogiannopoulos <nmav@gnutls.org> 2013-06-03 21:09:01 +0200
commit ff5179b7dd1a17bd28af962cf35e463ccefeb98d (patch)
tree 076c35371a083d73ef844e5b19e23224f8429d11 /doc/cha-shared-key.texi
parent 0cd5745d2f05313e7ab5a9284eb4c0ee41f9f598 (diff)
discourage usage of anonymous authentication
Diffstat (limited to 'doc/cha-shared-key.texi')
-rw-r--r-- doc/cha-shared-key.texi | 6
1 files changed, 4 insertions, 2 deletions
diff --git a/doc/cha-shared-key.texi b/doc/cha-shared-key.texi
index 5931070807..bbc83e6f55 100644
--- a/doc/cha-shared-key.texi
+++ b/doc/cha-shared-key.texi
@@ -128,8 +128,10 @@ The anonymous key exchange offers encryption without any
indication of the peer's identity. This kind of authentication
is vulnerable to a man in the middle attack, but can be
used even if there is no prior communication or shared trusted parties
-with the peer. Moreover it is useful when complete anonymity is required.
-Unless in one of the above cases, do not use anonymous authentication.
+with the peer. Nevertheless it is useful when complete anonymity is required.
+
+Unless in the above case, it is not recommended to use anonymous authentication. An alternative
+with better properties is trust on first use (see @ref{Verifying a certificate using trust on first use authentication}).
The available key exchange algorithms for anonymous authentication are
shown below, but note that few public servers support them. They typically
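Review bot: "Unless in the above case" in the added paragraph is ambiguous about which case it means. The text above it still names two situations (no prior communication or shared trusted parties, and complete anonymity), and the removed wording "one of the above cases" covered both. If only anonymity is meant to remain a valid reason, say so directly, for example "Unless complete anonymity is required, anonymous authentication is not recommended." The connective "Nevertheless" also reads oddly, because the sentence before it already ends on the concession "but can be used even if there is no prior communication". The trust on first use pointer would be more useful if it named the better property, namely that the man in the middle exposure is limited to the first connection, and if it said that it replaces the no-prior-communication use rather than the anonymity use. The two added lines are also much longer than the wrapped lines around them.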