[gnutls-help] GnuTLS with TOFU verifies public keys, not certificates

Jens Lechtenboerger jens.lechtenboerger at fsfe.org
Thu Apr 17 19:33:39 CEST 2014

Hi there,

as it took me a while to figure this out, I’d like to share this.

One of my e-mail providers changed an IMAP certificate, and
mail-notification warned me about the new certificate with an
unknown fingerprint.  Both certificates are issued by different CAs.

Surprisingly, though, gnutls-cli with option --tofu did not complain
at all (same for --strict-tofu).

It turns out that both certificates contain the same public key.
(Why would somebody do this?)

As gnutls-cli stores only the public key in ~/.gnutls/known_hosts,
but nothing about the certificate, it cannot detect any difference.
I don’t see any security issue here, but I suggest to extend the
documentation, in particular, the man page of gnutls-cli:

For --tofu, currently “in addition to certificate authentication”:
This should probably read “instead of certificate authentication.”
Afterwards emphasize: “Note that public keys are recorded, not

For --strict-tofu: “certificate” needs to be replaced with “public
key” twice.

Alternatively, should ~/.gnutls/known_hosts also store the
certificate’s fingerprint to detect such changes?

Best wishes

More information about the Gnutls-help mailing list