> On Jul 8, 2020, at 12:59 PM, Viktor Dukhovni <openssl-users@xxxxxxxxxxxx> wrote:
>
> On Wed, Jul 08, 2020 at 12:48:38PM -0400, Felipe Gasper wrote:
>
>> Does OpenSSL support authentication via raw public keys? (RFC 7250) I
>> can’t find anything to this effect on openssl.org.
>
> These are not presently supported. However, you can use DANE-EE(3) TLSA
> records to authenticate essentially empty leaf certificates:

That would also require changes to DNS, right?

What I’m looking for is a way to authenticate a user over TLS in essentially the same manner that SSH’s handshake uses, where a signature of a shared secret validates the public key, which is on a preconfigured allowlist.

I could do it post-handshake by using RFC 5705 key material exports as the shared secret--this usage seems to exemplify the intent of that extension--but TLS raw public keys seem a bit closer to “prior art”.

Anyhow, thank you!

-FG
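
The post-handshake scheme described in the message above, sketched as an added example in Go (not code from the thread or from OpenSSL): the client signs the connection's RFC 5705 exporter value, and the server checks the key against an allowlist, then verifies the signature against the exporter value it derived itself. Ed25519, the `sigContext` string and all function and type names are assumptions, and the exporter values are constructed bytes standing in for the TLS library's output.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Hypothetical context string: keeps these signatures from being valid in another protocol.
const sigContext = "example-tls-pubkey-auth-v1"

// Allowlist maps the SHA-256 fingerprint of a permitted public key to a user name.
type Allowlist map[[32]byte]string

func (al Allowlist) Add(user string, pub ed25519.PublicKey) { al[sha256.Sum256(pub)] = user }

// signed builds the message the client signs: context || 0x00 || exporter value.
func signed(ekm []byte) []byte { return append(append([]byte(sigContext), 0), ekm...) }

// ClientProof is the client side: sign this connection's exporter value.
func ClientProof(priv ed25519.PrivateKey, ekm []byte) []byte { return ed25519.Sign(priv, signed(ekm)) }

// Authenticate is the server side; ekm must be the value the server exported itself.
func Authenticate(al Allowlist, ekm []byte, pub ed25519.PublicKey, sig []byte) (string, error) {
	if len(pub) != ed25519.PublicKeySize || len(ekm) < 32 {
		return "", errors.New("malformed key or exporter value")
	}
	user, ok := al[sha256.Sum256(pub)]
	if !ok {
		return "", errors.New("public key not on allowlist")
	}
	if !ed25519.Verify(pub, signed(ekm), sig) {
		return "", errors.New("signature not valid for this connection")
	}
	return user, nil
}

// Constructed sample values; real exporter output comes from the TLS library
// (in OpenSSL, SSL_export_keying_material).
func SampleKey(b byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}
func SampleEKM(b byte) []byte { return bytes.Repeat([]byte{b}, 32) }

func main() {
	pub, priv := SampleKey(1)
	al := Allowlist{}
	al.Add("alice", pub)
	fmt.Println(Authenticate(al, SampleEKM(0xA), pub, ClientProof(priv, SampleEKM(0xA)))) // same connection
	fmt.Println(Authenticate(al, SampleEKM(0xB), pub, ClientProof(priv, SampleEKM(0xA)))) // proof replayed elsewhere
}
```

Because each TLS connection yields a different exporter value, a proof captured on one connection fails verification on any other, which is the property the SSH-style handshake relies on.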