[Help-gnutls] Re: Authentication during Handshake

[Rainer Gerhards]

On Tue, May 20, 2008 at 12:52 AM, Nikos Mavrogiannopoulos
<n.mavrogiannopoulos at gmail.com> wrote:
> On Mon, May 19, 2008 at 11:38 PM, Rainer Gerhards <rgerhards at gmail.com> wrote:
>> Hi Simon,
>>
>> I am working on both the client and server sides.
>>
>> What gives me most problems is the fingerprint authentication. In
>> essence, each peer has a list of valid (remote peer's) certificate
>> fingerprints. If the actual cert's fingerprint is in this list, the
>> remote peer is succesfully authenticated. this is an alternate auth
>> mode that does not require pki.
>
> Actually this is a hack. As far as I remember there was no standard
> way to fingerprint a certificate. MD5 was widely used for this but it
> is broken now.

SHA1 is now suggested.

> The alternative modes of TLS/SSL that do not require PKI are TLS-SRP
> (rfc5054) and TLS-PSK (preshared keys - rfc 4279). These are the
> straightforward ways to use TLS without PKI (certificates). Then it is
> obvious to everybody how to perform the TLS handshake - if the shared
> keys do not match it fails.  Gnutls supports both of these modes.
>
> Please suggest these to the authors of the protocol you're referencing.

I will, but please be aware that I will try to fully implement the
current version first - so that I can provide valid implementor's
suggestion. The syslog WG does not have a really good track record in
reaching its goals and, based on recent discussion, it may not be
useful to suggest anything without very solid evidence. This is also
the reason why I am trying hard to fully understand all implications.

Thanks again for all help, this is extremely valuable.

Rainer