Frank Eberle <[EMAIL PROTECTED]> writes: > Hello, > > I've to write an application which requires a secured communication > channel. To keep the user's effort minimal I want to use pre-shared > keys for authentication. > Now my question: In my understanding when using PSK-DH the client is > authenticated when connecting to the server, but is the server also > authenticated against the client?
The PSK handshake will not succeed unless both sides know the same pre-shared key. A theorist may say that it is not the same thing as cryptographic authentication, but in practice people traditionally do not care about the difference. > Or in other words: When an attacker replaces the server by his own > implementation is the client able to recognize this? Or do I have to > use a server certificate to achieve this. Yes, the client should notice this because the handshake will fail. You could try this. /Simon _______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
