[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Help-gnutls] Re: Question regarding TLS with PSK
From: |
Simon Josefsson |
Subject: |
[Help-gnutls] Re: Question regarding TLS with PSK |
Date: |
Thu, 16 Aug 2007 11:40:12 +0200 |
User-agent: |
Gnus/5.110007 (No Gnus v0.7) Emacs/22.1 (gnu/linux) |
Frank Eberle <address@hidden> writes:
> Hello,
>
> I've to write an application which requires a secured communication
> channel. To keep the user's effort minimal I want to use pre-shared
> keys for authentication.
> Now my question: In my understanding when using PSK-DH the client is
> authenticated when connecting to the server, but is the server also
> authenticated against the client?
The PSK handshake will not succeed unless both sides know the same
pre-shared key. A theorist may say that it is not the same thing as
cryptographic authentication, but in practice people traditionally do
not care about the difference.
> Or in other words: When an attacker replaces the server by his own
> implementation is the client able to recognize this? Or do I have to
> use a server certificate to achieve this.
Yes, the client should notice this because the handshake will fail. You
could try this.
/Simon