[Help-gnutls] Re: Question regarding TLS with PSK
simon at josefsson.org
Thu Aug 16 11:40:12 CEST 2007
Frank Eberle <himself at frank-eberle.de> writes:
> I've to write an application which requires a secured communication
> channel. To keep the user's effort minimal I want to use pre-shared
> keys for authentication.
> Now my question: In my understanding when using PSK-DH the client is
> authenticated when connecting to the server, but is the server also
> authenticated against the client?
The PSK handshake will not succeed unless both sides know the same
pre-shared key. A theorist may say that it is not the same thing as
cryptographic authentication, but in practice people traditionally do
not care about the difference.
> Or in other words: When an attacker replaces the server by his own
> implementation is the client able to recognize this? Or do I have to
> use a server certificate to achieve this.
Yes, the client should notice this because the handshake will fail. You
could try this.
More information about the Gnutls-help