From: Nikos Mavrogiannopoulos Date: Fri, 19 Aug 2011 11:11:29 +0000 (+0200) Subject: rephrased text on anonymous authentication. X-Git-Tag: gnutls_3_0_1~4^2~6 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8170275c4a00f7aaaabf64deb02caafa88388837;p=thirdparty%2Fgnutls.git rephrased text on anonymous authentication. --- diff --git a/doc/cha-auth.texi b/doc/cha-auth.texi index 92bb12ccdb..0b20115637 100644 --- a/doc/cha-auth.texi +++ b/doc/cha-auth.texi @@ -186,13 +186,12 @@ algorithm. @section Anonymous authentication @cindex anonymous authentication -The anonymous key exchange performs encryption but there is no -indication of the identity of the peer. This kind of authentication -is vulnerable to a man in the middle attack, but this protocol can be -used even if there is no prior communication and trusted parties with -the peer, or when full anonymity is required. Unless really required, -do not use anonymous authentication. Available key exchange methods -are shown below. +The anonymous key exchange offers encryption without any +indication of the peer's identity. This kind of authentication +is vulnerable to a man in the middle attack, but can be +used even if there is no prior communication or shared trusted parties +with the peer. Moreover it is useful when complete anonymity is required. +Unless in one of the above cases, do not use anonymous authentication. Note that the key exchange methods for anonymous authentication require Diffie-Hellman parameters to be generated by the server and @@ -204,7 +203,8 @@ The initialization functions for the credentials are shown below. @showfuncD{gnutls_anon_allocate_server_credentials,gnutls_anon_allocate_client_credentials,gnutls_anon_free_server_credentials,gnutls_anon_free_client_credentials} -The supported anonymous key exchange algorithms are: +The available key exchange algorithms for anonymous authentication are +shown below. @table @code