[Help-gnutls] Signing multicast traffic with gnutls API ?

Henning Rogge rogge at fgan.de
Fri Oct 31 07:29:09 CET 2008


On Thursday 30 October 2008 18:56:55, Nikos Mavrogiannopoulos wrote:
> Nikos Mavrogiannopoulos wrote:
> >> The easiest solution seems to sign a hash value of every package
> >> with an asymmetric public key and check this signature at the
> >> receiver/retransmitter.
> >
> > Actually you cannot use TLS as a protocol since you don't have peer to
> > peer communication to perform a handshake. You could use
> > gnutls_x509_privkey_sign_data() and verify_data().
>
> However you must know that replay/reordering attacks and maybe others
> are possible, so care must be taken to avoid those if they apply.

The flooding service already put a sequence number into the data, which should
block replay/reordering attacks.

> It might be better to check if there is already a protocol for signing
> broadcasted data, and follow that.

Unfortunately I was unable to track down a good way to authenticate multihop 
flooding broadcasts.

Henning

*************************************************
Diplom Informatiker Henning Rogge
Forschungsgesellschaft für
Angewandte Naturwissenschaften e. V. (FGAN) 
Neuenahrer Str. 20, 53343 Wachtberg, Germany
Tel.: 0049 (0)228 9435-961
Fax: 0049 (0)228 9435-685
E-Mail: rogge at fgan.de
Web: www.fgan.de
************************************************
Registered office: Bonn
Register court: Amtsgericht Bonn VR 2530
Executive board: Dr. rer. nat. Ralf Dornhaus (Chair), Prof. Dr. Joachim Ender (Deputy)
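
A receiver-side sequence-number check of the kind discussed in this thread, as an added example that is not part of the original message or of GnuTLS. It generalizes to a sliding window so that packets reordered by flooding are still accepted once; the struct, function name and window size are hypothetical, and it assumes a 32-bit sequence number that lies inside the signed data and does not wrap during a key's lifetime.

```c
#include <stdint.h>
#include <stdio.h>

#define WINDOW 64u  /* assumed: how far behind the newest packet we still accept */

/* Per-sender receive state (hypothetical; keep one per signing key). */
struct replay_state {
    uint32_t highest;  /* highest sequence number accepted so far */
    uint64_t seen;     /* bit i set => (highest - i) was already accepted */
    int      started;  /* 0 until the first packet is accepted */
};

/* Call only AFTER the packet's signature has verified, and only if the
 * sequence number is covered by that signature. Returns 1 = accept, 0 = drop. */
int replay_check(struct replay_state *s, uint32_t seq)
{
    if (!s->started) {
        s->started = 1;
        s->highest = seq;
        s->seen = 1;
        return 1;
    }
    if (seq > s->highest) {                 /* newer than anything seen: slide window */
        uint32_t shift = seq - s->highest;
        s->seen = (shift >= WINDOW) ? 0 : (s->seen << shift);
        s->seen |= 1;
        s->highest = seq;
        return 1;
    }
    uint32_t behind = s->highest - seq;
    if (behind >= WINDOW)                   /* too old to track: drop */
        return 0;
    if (s->seen & ((uint64_t)1 << behind))  /* duplicate or replayed packet */
        return 0;
    s->seen |= (uint64_t)1 << behind;       /* late but fresh (reordered in transit) */
    return 1;
}

int main(void)
{
    /* Constructed arrival order with reordering, duplicates and a stale packet. */
    uint32_t arrivals[] = { 10, 12, 11, 12, 10, 80, 13, 79 };
    struct replay_state s = { 0 };
    for (unsigned i = 0; i < sizeof arrivals / sizeof arrivals[0]; i++)
        printf("seq %u -> %s\n", (unsigned)arrivals[i],
               replay_check(&s, arrivals[i]) ? "accept" : "drop");
    return 0;
}
```

Updating the window before the signature check would let an unauthenticated packet with a large sequence number push the window forward and cause genuine packets to be dropped.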
