[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Help-gnutls] Signing multicast traffic with gnutls API ?
From: |
Nikos Mavrogiannopoulos |
Subject: |
Re: [Help-gnutls] Signing multicast traffic with gnutls API ? |
Date: |
Thu, 30 Oct 2008 19:56:55 +0200 |
User-agent: |
Thunderbird 2.0.0.17 (X11/20080925) |
Nikos Mavrogiannopoulos wrote:
>> The easiest sollution seems to sign a hash value of every package
with a
>> asymmetric public key and check this signature at the
>> receiver/retransmitter.
> Actually you cannot use TLS as a protocol since you don't have peer to
> peer communication to perform a handshake. You could use
> gnutls_x509_privkey_sign_data() and verify_data().
However you must know that replay/reordering attacks and maybe others
are possible, so care must be taken to avoid those if they apply. It
might be better to check if there is already a protocol for signing
broadcasted data, and follow that.
regards,
Nikos