RFC 7250 raw public keys?

Felipe Gasper felipe at felipegasper.com
Wed Jul 8 17:31:04 UTC 2020

> On Jul 8, 2020, at 12:59 PM, Viktor Dukhovni <openssl-users at dukhovni.org> wrote:
> On Wed, Jul 08, 2020 at 12:48:38PM -0400, Felipe Gasper wrote:
>> Does OpenSSL support authentication via raw public keys? (RFC 7250) I
>> can’t find anything to this effect on openssl.org.
> These are not presently supported.  However, you can use DANE-EE(3) TLSA
> records to authenticate essentially empty leaf certificates:

That would also require changes to DNS, right?

What I’m looking for is a way to authenticate a user over TLS in essentially the same manner that SSH’s handshake uses, where a signature of a shared secret validates the public key, which is on a preconfigured allowlist. I could do it post-handshake by using RFC 5705 key material exports as the shared secret--this usage seems to exemplify the intent of that extension--but TLS raw public keys seem a bit closer to “prior art”.

Anyhow, thank you!


More information about the openssl-users mailing list