[zeromq-dev] CurveZMQ comments

Trevor Perrin trevp at trevp.net
Thu Sep 26 01:24:02 CEST 2013


On Wed, Sep 25, 2013 at 3:50 PM, Pieter Hintjens <ph at imatix.com> wrote:
>
> Does the client have any other way of authenticating the server except
> by knowing its public key in advance?

Maybe, some protocols do different things:

 * The server could present a chain of signatures from some root key
to the current key it's using.  For example, certificates (like in
SSL) establish that the server's current key is signed by some "root
authority".  Or something like TACK [1], where the server's current
key can be signed by a master key which is kept offline for higher
security.  The client would have prior knowledge of the root or master
keys, but not necessarily the server's current key.

 * Clients could remember the server's key the first time they
encounter it, then warn if it's different in the future (SSH; more
generally "TOFU" - "Trust On First Use").  Communities of clients
could check that they're all observing the same key (e.g.
Convergence).

 * Clients could skip server authentication.


Trevor

[1] http://tools.ietf.org/html/draft-perrin-tls-tack-02
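The TOFU approach in the second bullet, as an added example that is not part of the original thread: a small pin store for server public keys that records the key on first contact and flags any later change, leaving the decision to the operator. `TofuStore`, `Verdict`, the endpoint name and the key strings are constructed for illustration; a real client would take the key from the CURVE handshake.

```python
"""TOFU pinning for server public keys: remember the key seen on first
contact, then warn if a later connection presents a different one."""
import json
import os
import tempfile
from enum import Enum


class Verdict(Enum):
    FIRST_USE = "first-use"  # no pin yet; key is recorded now
    MATCH = "match"          # pinned key matches what the server presented
    MISMATCH = "mismatch"    # pinned key differs: rotation or interception


class TofuStore:
    """Persistent endpoint -> pinned public key map (constructed helper)."""

    def __init__(self, path):
        self.path = path
        self.pins = {}
        if os.path.exists(path):
            with open(path) as f:
                self.pins = json.load(f)

    def _save(self):
        tmp = self.path + ".tmp"
        with open(tmp, "w") as f:
            json.dump(self.pins, f, indent=2, sort_keys=True)
        os.replace(tmp, self.path)  # atomic replace, never a half-written file

    def check(self, endpoint, server_key):
        pinned = self.pins.get(endpoint)
        if pinned is None:
            self.pins[endpoint] = server_key  # trust on first use
            self._save()
            return Verdict.FIRST_USE
        # Never overwrite on mismatch; re-pinning must be an explicit action.
        return Verdict.MATCH if pinned == server_key else Verdict.MISMATCH


def demo():
    """Constructed walk-through: first contact, a reconnect with the same
    key, then a reconnect where the server presents a different key."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "known_servers.json")
        endpoint = "tcp://server.example:9000"        # constructed
        key_a = "CONSTRUCTED-SERVER-PUBLIC-KEY-A"     # stands in for a Z85 key
        key_b = "CONSTRUCTED-SERVER-PUBLIC-KEY-B"
        # A fresh TofuStore each time, so pins are reloaded from disk.
        return [TofuStore(path).check(endpoint, k).value
                for k in (key_a, key_a, key_b)]
```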
