"known in advance" public key authentication?

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Nov 8 07:44:46 CET 2012

On 11/07/2012 10:18 PM, Ivan Shmakov wrote:
> 	OTOH, most of the data transferred over such a channel will
> 	either be public (and then either self-certifying or signed) or
> 	already encrypted anyway.  Thus, for a start, I may forget about
> 	authentication altogether.  Unfortunately, some fraction of the
> 	data is likely to be at least mildly sensitive, and apart from
> 	that, an authenticated channel opens a possibility of a DoS.

Without robust and reliable authentication of your peer, you can have no
guarantees of confidentiality.

Put another way: if you don't know who you are talking to, you cannot
have a private conversation.  You might be talking to the very person
you want to keep a secret from!

Association of a public key with a peer over an untrusted network is a
challenging problem.  Simply presenting a random public key at
connection time and expecting the other peer will automatically know
it's the right one opens your application up to a MITM attack.

You seem to be leaning in the direction of an unauthenticated
connection; while that might be sufficient against an eavesdropping-only
attacker, i advise you to reconsider.  On the internet, it's not a large
leap to go from an eavesdropper to a MITM :(


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20121108/24908b62/attachment.pgp>

More information about the Gnutls-help mailing list