Re: RFC 7250 raw public keys?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, Jul 08, 2020 at 02:24:47PM -0400, Felipe Gasper wrote:

> > This is also supported in Postfix, just don't authenticate
> > the client cert at all (no PKI), grab the key digest and
> > use it directly for access control.
> 
> Wouldn’t there need to be a shared secret, though, or some other way
> for the server to have some influence on the randomness of what the
> client’s private key signs? (I don’t know TLS well enough to comment
> on whether that happens in an ordinary TLS handshake, but I assume it
> does?)

TLS takes care of that:

    https://tools.ietf.org/html/rfc5246#section-7.4.8
    https://tools.ietf.org/html/rfc8446#section-4.4.3

In particular, the client and server random values are included, as well
as any ephemeral public values in DH or ECDH key exchange.

-- 
    Viktor.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux