-rw-r--r--  doc/cha-auth.texi      16
-rw-r--r--  doc/cha-tokens.texi     2
-rw-r--r--  doc/latex/Makefile.am   6
-rw-r--r--  doc/latex/gnutls.tex    6
4 files changed, 16 insertions, 14 deletions
diff --git a/doc/cha-auth.texi b/doc/cha-auth.texi index d3894dc84d..d2f15063e2 100644 --- a/doc/cha-auth.texi +++ b/doc/cha-auth.texi @@ -35,20 +35,21 @@ methods in @acronym{GnuTLS} in various scenarios. Let's consider two peers need to communicate over an untrusted channel (the Internet), but have an out-of-band channel available. The latter -channel is considered safe from eavesdropping or modification and thus -may be used for an initial bootstrapping of the protocol. The options +channel is considered safe from eavesdropping and message modification and thus +can be used for an initial bootstrapping of the protocol. The options available are: @itemize @item Pre-shared keys (see @ref{PSK authentication}). The server and a -client communicate a shared randomly generated key and use it to -negotiate further sessions over the untrusted channel. +client communicate a shared randomly generated key over the trusted +channel and use it to negotiate further sessions over the untrusted channel. @item Passwords (see @ref{SRP authentication}). The client communicates to the server his username and password of choice and uses it to negotiate further sessions over the untrusted channel. @item Public keys (see @ref{Certificate authentication}). The client -and the server exchange their public keys (or fingerprints of them). +and the server exchange their public keys (or fingerprints of them) +over the trusted channel. On future sessions over the untrusted channel they verify the key being the same (similar to @ref{Verifying a certificate using trust on first use authentication}). 
@@ -62,7 +63,7 @@ network), etc. @subsection Two peers without an out-of-band channel -When an out-of-band channel is not available the peer cannot be reliably +When an out-of-band channel is not available a peer cannot be reliably authenticated. What can be done, however, is to allow some form of registration of users connecting for the first time and ensure that their keys remain the same after that initial connection. This is termed @@ -76,7 +77,8 @@ being the same (see @ref{Verifying a certificate using trust on first use authentication}). To mitigate the uncertainty of the information exchanged in the first -connection other channels over the Internet may be used (e.g., @ref{Verifying a certificate using DANE}). +connection other channels over the Internet may be used, e.g., @acronym{DNSSEC} +(see @ref{Verifying a certificate using DANE}). @subsection Two peers and a trusted third party diff --git a/doc/cha-tokens.texi b/doc/cha-tokens.texi index e6d3fe4c62..34184eeb6e 100644 --- a/doc/cha-tokens.texi +++ b/doc/cha-tokens.texi @@ -25,7 +25,7 @@ preventing their extraction. Since there are many forms of a public or private keys supported by @acronym{GnuTLS} such as @acronym{X.509}, @acronym{OpenPGP}, @acronym{PKCS} #11 or TPM it is desirable to allow common operations on them. For these reasons the abstract @code{gnutls_privkey_t} and @code{gnutls_pubkey_t} were -introduced in @code{gnutls/abstract.h} header. Those types are initialized using a specific type of +introduced in @code{gnutls/@-abstract.h} header. Those types are initialized using a specific type of key and then can be used to perform operations in an abstract way. For example in order to sign an X.509 certificate with a key that resides in a token the following steps must be used. diff --git a/doc/latex/Makefile.am b/doc/latex/Makefile.am index 3d8fc473f7..46328d886d 100644 --- a/doc/latex/Makefile.am +++ b/doc/latex/Makefile.am 
@@ -7,7 +7,8 @@ GEN_TEX_OBJECTS = cha-preface.tex cha-library.tex cha-intro-tls.tex cha-cert-aut cha-errors.tex alerts.tex cha-internals.tex cha-gtls-examples.tex cha-upgrade.tex \ invoke-certtool.tex invoke-gnutls-cli.tex invoke-gnutls-serv.tex cha-tokens.tex \ invoke-srptool.tex invoke-psktool.tex invoke-gnutls-cli-debug.tex \ - invoke-p11tool.tex invoke-ocsptool.tex invoke-tpmtool.tex invoke-danetool.tex + invoke-p11tool.tex invoke-ocsptool.tex invoke-tpmtool.tex invoke-danetool.tex \ + cha-auth.tex invoke-certtool.tex: ../invoke-certtool.texi ../scripts/mytexi2latex $< > $@ @@ -18,6 +19,9 @@ cha-upgrade.tex: ../cha-upgrade.texi cha-tokens.tex: ../cha-tokens.texi ../scripts/mytexi2latex $< > $@ +cha-auth.tex: ../cha-auth.texi + ../scripts/mytexi2latex $< > $@ + invoke-gnutls-cli.tex: ../invoke-gnutls-cli.texi ../scripts/mytexi2latex $< > $@ diff --git a/doc/latex/gnutls.tex b/doc/latex/gnutls.tex index 77e93661c3..1dbe4f061b 100644 --- a/doc/latex/gnutls.tex +++ b/doc/latex/gnutls.tex @@ -60,11 +60,7 @@ \input{cha-intro-tls} -\input{cha-cert-auth} - -\input{cha-shared-key} - -\input{cha-cert-auth2} +\input{cha-auth} \input{cha-tokens} |
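Review bot: In the third doc/cha-auth.texi hunk (@@ -76,7 +77,8 @@) the new text names @acronym{DNSSEC} as the alternative channel but points the reader at the DANE section; consider naming the mechanism the section actually describes, e.g. "@acronym{DANE} (TLSA records published in @acronym{DNSSEC}-signed zones)", so the term in the sentence matches the cross-reference. A comma after "first connection" would also help, since "To mitigate ... in the first connection other channels ..." reads as one run-on clause.

Review bot: The doc/latex/Makefile.am hunks add cha-auth.tex to GEN_TEX_OBJECTS and a generation rule for it, but nothing in this patch drops the three chapters that cha-auth now replaces; the hunk header context still shows "cha-cert-aut..." in GEN_TEX_OBJECTS, so cha-cert-auth.tex (and presumably cha-shared-key.tex and cha-cert-auth2.tex) will keep being generated by mytexi2latex even though gnutls.tex no longer includes them. Remove those entries and their rules in the same change so the build list and the \input list stay in sync.

Review bot: The doc/latex/gnutls.tex hunk swaps the three \input lines for a single \input{cha-auth}, which is consistent with the new cha-auth.tex rule, but it depends on the Makefile.am change landing in the same commit: if only this file were applied, the LaTeX build would fail on the missing cha-auth.tex. Worth stating that coupling in the commit message.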