Re: RFC 7250 raw public keys?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, Jul 08, 2020 at 01:31:04PM -0400, Felipe Gasper wrote:

> > On Jul 8, 2020, at 12:59 PM, Viktor Dukhovni <openssl-users@xxxxxxxxxxxx> wrote:
> > 
> > On Wed, Jul 08, 2020 at 12:48:38PM -0400, Felipe Gasper wrote:
> > 
> >> Does OpenSSL support authentication via raw public keys? (RFC 7250) I
> >> can’t find anything to this effect on openssl.org.
> > 
> > These are not presently supported.  However, you can use DANE-EE(3) TLSA
> > records to authenticate essentially empty leaf certificates:
> 
> That would also require changes to DNS, right?

Sure, but DANE-EE(3) is just one way to authenticate a stand-alone
self-signed certificate.  Indeed OpenSSL does not do the DNS lookups,
you can store the matching digest anywhere and retrieve it in whatever
way makes sense for your application.  You can even compute it on the
fly from a copy of the expected certificate.

Postfix (in which I'm the maintainer of the TLS stack), creates
synthetic DANE TLSA records as the way that it matches certificates
by pre-configured "fingerprint" values.

That said, you also don't need to use DANE authentication, you can
implement your own certificate verification callbacks, ...

My point was primarily that a bit of space overhead side, a minimal
X.509 certificate is in most cases equivalent to a bare public key,
but has broader API support.

> What I’m looking for is a way to authenticate a user over TLS in
> essentially the same manner that SSH’s handshake uses, where a
> signature of a shared secret validates the public key, which is on a
> preconfigured allowlist. I could do it post-handshake by using RFC
> 5705 key material exports as the shared secret--this usage seems to
> exemplify the intent of that extension--but TLS raw public keys seem a
> bit closer to “prior art”.

Indeed DANE is only a good fit for authenticating servers, for
authenticating clients, you just want to compute a public key
fingerprint and do a database lookup.

This is also supported in Postfix, just don't authenticate
the client cert at all (no PKI), grab the key digest and
use it directly for access control.

-- 
    Viktor.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux