diff options
Diffstat (limited to 'doc/tex/gnutls.tex')
-rw-r--r-- | doc/tex/gnutls.tex | 35 |
1 files changed, 23 insertions, 12 deletions
diff --git a/doc/tex/gnutls.tex b/doc/tex/gnutls.tex index 14f2c6f5bd..575731a95f 100644 --- a/doc/tex/gnutls.tex +++ b/doc/tex/gnutls.tex @@ -1,7 +1,6 @@ \documentclass{book} \usepackage{html} \usepackage{fancyheadings} -\usepackage{times} \input{macros} @@ -20,32 +19,44 @@ \chapter{The Library} \section{Introduction} \par -\gnutls is a library which implements the {\bf TLS 1.0} and {\bf SSL 3.0} protocols. +\gnutls is a portable library which implements the {\emph TLS 1.0} and +{\emph SSL 3.0} protocols. TLS stands for 'Transport Layer Security' and is the sucessor of SSL\footnote{ SSL or Secure Sockets Layer is a protocol designed by Netscape. TLS 1.0 is based on -{\bf SSL 3.0} protocol. {\bf SSL 2.0} is very old protocol which is vulnerable to several attacks. SSL 2.0 is not -implemented in \gnutls}. -{\bf TLS 1.0} is described is {\it RFC 2246} and is an Internet protocol, +{\emph SSL 3.0} protocol. {\emph SSL 2.0} is a very old protocol which is vulnerable +to several attacks. SSL 2.0 is not implemented in \gnutls}. +{\emph TLS 1.0}\footnote{described in {\it RFC 2246}} is an Internet protocol, defined by IETF\footnote{IETF or Internet Engineering Task Force is a large open international community of network designers, operators, vendors, and researchers concerned with the evolution of the Internet architecture and the smooth operation of the Internet. It is open to any interested individual.} -that provides confidentiality, and authentication layers. -TLS is mostly used over {\bf TCP/IP} although this is not restrictive, you may -use it over any reliable transport layer. +that provides confidentiality, and authentication layers over a {reliable +transport layer}\footnote{TLS is mostly used over {\emph TCP/IP} although this is not restrictive, you may +use it over any reliable transport layer.}. \gnutls implements the +above protocols in reentrant way in order to be used in multiple threads of +execution (without the need for Critical Sections). + +\par Currently \gnutls implements: \begin{itemize} \item the {\bf TLS 1.0} and {\bf{ SSL 3.0}} protocols, without any (US) export-controlled algorithms \item {\bf X509} Public Key Infrastructure (with several limitations). \item {\bf SRP} for TLS authentication. - \item TLS {\bf Extensions} + \item TLS {\bf Extension mechanism} \end{itemize} \subsection{Confidentiality} \par -Confidentiality is provided by using symmetric encryption algorithms like {\bf 3DES}, {\bf AES}, or -stream algorithms like {\bf ARCFOUR}. A symmetric encryption algorithm uses a single (secret) key -to encrypt and decrypt data. +Confidentiality is provided by using symmetric encryption algorithms like {\bf 3DES}, +{\bf AES\footnote{AES or Advanced Encryption Standard is actually the RIJNDAEL algorithm. This is the +algorithm that will replace DES.}}, or +stream algorithms like {\bf ARCFOUR\footnote{ARCFOUR is a compatible +algorithm with RSA's RC4 algorithm.}}. A symmetric encryption algorithm uses a single (secret) key +to encrypt and decrypt data. Block algorithms in TLS also provide protection +against statistical analysis of the data. \gnutls makes use of this property +thus, if you're operating in TLS 1.0 mode, a random number of blocks will be +appended to the data. This will prevent eavesdroppers from guessing the +actual data size. \subsection{Authentication} \par |