[gnutls-help] Lightweight authentication of worker connections

Steven Brown swbrown at variadic.org
Wed Feb 5 08:15:55 CET 2014

I'm building a program where I have a control connection to a remote
service that establishes a form of session and manages it and then
several other worker connections for that session over its lifetime.
I'd like to use a lightweight authentication scheme on the worker
connections if possible as they frequently come and go and there can be
many of them.  I figure it should be possible for the control connection
to establish the authentication information necessary for the workers
but I'm not sure how best to go about it, hence this question.

From what I've read, I'm planning on SRP for the control connection and
PSK for the worker connections.  If I'm understanding things correctly,
PSK should be lightweight.  I can generate a random key when I create
the client's session and share it over SRP for use with PSK, but doesn't
SRP generate a session key as part of its negotiation?  If so, is there
a way (and does it make sense) to use SRP's session key to do PSK
authentication of the workers?
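
The first option in the message above (a random key minted per session, handed to the client over the SRP-protected control connection, then presented by workers as a PSK) could be kept in a server-side table like the one below. This is an added example, not part of the original post and not GnuTLS code: the struct, function names, table size and key length are assumptions. In GnuTLS the lookup would sit behind the callback registered with gnutls_psk_set_server_credentials_function.

```c
#include <stdio.h>
#include <string.h>

#define MAX_SESSIONS 64   /* assumed limit for this sketch */
#define PSK_LEN 32        /* assumed key length in bytes */
#define ID_LEN 16         /* random bytes behind the hex identity */

/* One control session and the PSK its workers present (hypothetical layout). */
struct session_psk {
    int in_use;
    char identity[2 * ID_LEN + 1];   /* hex PSK identity sent by workers */
    unsigned char key[PSK_LEN];
};
static struct session_psk table[MAX_SESSIONS];

/* Fill buf with n bytes from the kernel CSPRNG; returns 0 on success. */
static int random_bytes(unsigned char *buf, size_t n) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t got = fread(buf, 1, n, f);
    fclose(f);
    return got == n ? 0 : -1;
}

/* Control connection creates a session: mint a fresh identity and key. */
struct session_psk *session_psk_create(void) {
    unsigned char raw[ID_LEN];
    for (int i = 0; i < MAX_SESSIONS; i++) {
        struct session_psk *s = &table[i];
        if (s->in_use) continue;
        if (random_bytes(raw, sizeof raw) || random_bytes(s->key, PSK_LEN))
            return NULL;
        for (int j = 0; j < ID_LEN; j++)
            sprintf(s->identity + 2 * j, "%02x", raw[j]);
        s->in_use = 1;
        return s;
    }
    return NULL;   /* table full */
}

/* Worker handshake: map the presented identity (not secret) to its key. */
int session_psk_lookup(const char *identity, unsigned char out[PSK_LEN]) {
    for (int i = 0; i < MAX_SESSIONS; i++)
        if (table[i].in_use && strcmp(table[i].identity, identity) == 0) {
            memcpy(out, table[i].key, PSK_LEN);
            return 0;
        }
    return -1;     /* unknown or ended session: refuse the handshake */
}

/* Session teardown: wipe the slot so later worker handshakes fail. */
void session_psk_destroy(struct session_psk *s) { memset(s, 0, sizeof *s); }
```

Because each key lives only as long as its table slot, ending the control session also ends the ability to open new worker connections for it.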

