On 11/07/2012 10:18 PM, Ivan Shmakov wrote: > OTOH, most of the data transferred over such a channel will > either be public (and then either self-certifying or signed) or > already encrypted anyway. Thus, for a start, I may forget about > authentication altogether. Unfortunately, some fraction of the > data is likely to be at least mildly sensitive, and apart from > that, an authenticated channel opens a possibility of a DoS.
Without robust and reliable authentication of your peer, you can have no
guarantees of confidentiality.
Put another way: if you don't know who you are talking to, you cannot
have a private conversation. You might be talking to the very person
you want to keep a secret from!
Association of a public key with a peer over an untrusted network is a
challenging problem. Simply presenting a random public key at
connection time and expecting the other peer will automatically know
it's the right one opens your application up to a MITM attack.
You seem to be leaning in the direction of an unauthenticated
connection; while that might be sufficient against an eavesdropping-only
attacker, i advise you to reconsider. On the internet, it's not a large
leap to go from an eavesdropper to a MITM :(
--dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Help-gnutls mailing list Help-gnutls@gnu.org https://lists.gnu.org/mailman/listinfo/help-gnutls
