[gnutls-help] GnuTLS with TOFU verifies public keys, not certificates
jens.lechtenboerger at fsfe.org
Thu Apr 17 19:33:39 CEST 2014
as it took me a while to figure this out, I’d like to share this.
One of my e-mail providers changed an IMAP certificate, and
mail-notification warned me about the new certificate with an
unknown fingerprint. Both certificates are issued by different CAs.
Surprisingly, though, gnutls-cli with option --tofu did not complain
at all (same for --strict-tofu).
It turns out that both certificates contain the same public key.
(Why would somebody do this?)
As gnutls-cli stores only the public key in ~/.gnutls/known_hosts,
but nothing about the certificate, it cannot detect any difference.
I don’t see any security issue here, but I suggest to extend the
documentation, in particular, the man page of gnutls-cli:
For --tofu, currently “in addition to certificate authentication”:
This should probably read “instead of certificate authentication.”
Afterwards emphasize: “Note that public keys are recorded, not
For --strict-tofu: “certificate” needs to be replaced with “public
Alternatively, should ~/.gnutls/known_hosts also store the
certificate’s fingerprint to detect such changes?
More information about the Gnutls-help