"known in advance" public key authentication?

Ivan Shmakov oneingray at gmail.com
Wed Nov 7 16:49:48 CET 2012


>>>>> Graham Murray <GMurray at webwayone.co.uk> writes:
>>>>> On Wed, 2012-11-07 at 14:33 +0000, Ivan Shmakov wrote:

[…]

 >> A feature of this application is that the public keys of the peers
 >> are effectively “known in advance”, so, while self-signed
 >> (unsigned?) X.509 certificates (or some OpenPGP ones) could be
 >> employed, there's no practical benefit from CC/WoT verification.

 >> Hence, the question is: is there a way to specify the local key pair
 >> and the remote public key to GnuTLS “directly”, just prior to
 >> connecting the remote?

 > Would PSK not do what you want?

	Unfortunately, no.  The keys are known in advance precisely
	because they're public.

-- 
FSF associate member #7257





More information about the Gnutls-help mailing list