Re: Network security manager
From: Ted Zlatanov
Subject: Re: Network security manager
Date: Tue, 18 Nov 2014 23:31:10 -0500
User-agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux)

On Tue, 18 Nov 2014 16:29:30 +0100 Lars Magne Ingebrigtsen <address@hidden> wrote:

LMI> Ted Zlatanov <address@hidden> writes:
>> Also, would you like to integrate your TOFU patch with the new nsm branch?

LMI> The NSM does TOFU. No patch necessary.

What do you think about the verification and TOFU implementation in
gnutls-cli? Please see
https://gitorious.org/gnutls/gnutls/raw/master:src/cli.c inside
cert_verify_callback() for the details.

* uses SSH-style gnutls_store_pubkey() and gnutls_verify_stored_pubkey()
  to DTRT and pins the public key rather than the certificate
  fingerprint. The pub keys are stored by default in a way that lets the
  user look them up by hostname, but we can customize that. And it's
  mostly handled by GnuTLS internals as far as pubkey extraction and
  verification.

* does DANE auth (although I don't know the details on DANE, the
  client implementation looks reasonable and Toke suggested it)

* checks OCSP for revocations using cert_verify_ocsp() in the same cli.c

Ted
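
The following is an added example, not code from this message, from Emacs or from GnuTLS: a small in-memory model of the SSH-style trust-on-first-use decision the message describes, showing why pinning the public key rather than the certificate fingerprint survives a certificate reissue. Every name in it (tofu_verify, tofu_store, tofu_connect, the struct layouts, the sample host) is hypothetical, the certificates are constructed stand-ins, and the refuse-on-mismatch policy is an assumption of the example.

```c
#include <stdio.h>
#include <string.h>
enum tofu_result { TOFU_MATCH, TOFU_UNKNOWN_HOST, TOFU_KEY_MISMATCH };
/* Constructed stand-in for a certificate: serial changes on every reissue,
   spki (the encoded public key) changes only when the key is rotated. */
struct cert { const char *serial; const char *spki; };
struct pin { char host[64], service[16], spki[128]; };
static struct pin store[16];   /* hypothetical in-memory pin database */
static size_t store_len;

static struct pin *find_pin(const char *host, const char *service) {
    for (size_t i = 0; i < store_len; i++)
        if (!strcmp(store[i].host, host) && !strcmp(store[i].service, service))
            return &store[i];
    return NULL;
}
/* Compare only the public key against the pin stored for host+service. */
enum tofu_result tofu_verify(const char *host, const char *service, const struct cert *c) {
    const struct pin *p = find_pin(host, service);
    if (!p) return TOFU_UNKNOWN_HOST;
    return strcmp(p->spki, c->spki) ? TOFU_KEY_MISMATCH : TOFU_MATCH;
}
/* Pin (or replace) the key; returns 0 on success, -1 if it cannot be stored. */
int tofu_store(const char *host, const char *service, const struct cert *c) {
    if (strlen(host) >= sizeof store[0].host || strlen(service) >= sizeof store[0].service
        || strlen(c->spki) >= sizeof store[0].spki) return -1;
    struct pin *p = find_pin(host, service);
    if (!p && store_len == sizeof store / sizeof store[0]) return -1;
    if (!p) p = &store[store_len++];
    strcpy(p->host, host); strcpy(p->service, service); strcpy(p->spki, c->spki);
    return 0;
}
/* Policy assumed for this example: a changed key is always refused, and an
   unknown host is pinned only when the caller confirms. Returns 1 = proceed. */
int tofu_connect(const char *host, const char *service, const struct cert *c, int user_accepts) {
    switch (tofu_verify(host, service, c)) {
    case TOFU_MATCH:        return 1;
    case TOFU_UNKNOWN_HOST: return user_accepts && tofu_store(host, service, c) == 0;
    default:                return 0;
    }
}
int main(void) {
    struct cert first = {"01", "KEY-A"}, renewed = {"02", "KEY-A"}, rotated = {"03", "KEY-B"};
    printf("first use, accepted: %d\n", tofu_connect("mail.example.org", "imaps", &first, 1));
    printf("reissued, same key:  %d\n", tofu_connect("mail.example.org", "imaps", &renewed, 1));
    printf("different key:       %d\n", tofu_connect("mail.example.org", "imaps", &rotated, 1));
    return 0;
}
```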