[Help-gnutls] Re: Question regarding TLS with PSK

[Simon Josefsson]

Frank Eberle <himself at frank-eberle.de> writes:

> Hello,
>
> I've to write an application which requires a secured communication
> channel. To keep the user's effort minimal I want to use pre-shared
> keys for authentication.
> Now my question: In my understanding when using PSK-DH the client is
> authenticated when connecting to the server, but is the server also
> authenticated against the client?

The PSK handshake will not succeed unless both sides know the same
pre-shared key.  A theorist may say that it is not the same thing as
cryptographic authentication, but in practice people traditionally do
not care about the difference.

> Or in other words: When an attacker replaces the server by his own
> implementation is the client able to recognize this? Or do I have to
> use a server certificate to achieve this.

Yes, the client should notice this because the handshake will fail.  You
could try this.

/Simon