blob: 4fea3dd6af3746f963667ec350eb253180158cc4 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
|
\chapter{Authentication methods}
The \tls{} protocol provides confidentiality and encryption, but
also offers authentication, which is a prerequisite
for a secure connection.
The available authentication methods in \gnutls{} are:
\begin{enumerate}
\item Certificate authentication
\item Anonymous authentication
\item SRP authentication
\end{enumerate}
% x.509 section
\input{x509}
\begin{figure}[hbtp]
\index{Key exchange algorithms}
\begin{tabular}{|l|p{9cm}|}
\hline
RSA & The RSA algorithm is used to encrypt a key and send it to the peer.
The certificate must allow the key to be used for encryption.
\\
\hline
RSA\_EXPORT & The RSA algorithm is used to encrypt a key and send it to the peer.
In the EXPORT algorithm, the server signs temporary RSA parameters of 512
bits -- which are considered weak -- and sends them to the client.
\\
\hline
DHE\_RSA & The RSA algorithm is used to sign Ephemeral Diffie Hellman
parameters which are sent to the peer. The key in the certificate must allow
the key to be used for signing. Note that key exchange algorithms which use
Ephemeral Diffie Hellman parameters, offer perfect forward secrecy.
\\
\hline
DHE\_DSS & The DSS algorithm is used to sign Ephemeral Diffie Hellman
parameters which are sent to the peer. DSS stands for Digital Signature
Standard.
\\
\hline
\end{tabular}
\caption{Key exchange algorithms for OpenPGP and X.509 certificates.}
\label{fig:cert}
\end{figure}
% openpgp section
\input{openpgp}
\section{Anonymous authentication\index{Anonymous authentication}}
The anonymous key exchange perform encryption but there is no indication of
the identity of the peer. This kind of authentication is vulnerable to a
man in the middle attack,
but this protocol can be used even if there is no prior communication and
trusted parties with the peer, or when full anonymity is required.
Unless really required, do not use anonymous authentication.
Available key exchange methods are shown in \hyperref{figure}{figure }{}{fig:anon}.
\begin{figure}[hbtp]
\begin{tabular}{|l|p{9cm}|}
\hline
ANON\_DH & This algorithm exchanges Diffie Hellman parameters.
\\
\hline
\end{tabular}
\caption{Supported anonymous key exchange algorithms}
\label{fig:anon}
\end{figure}
\input{srp}
|