RFC 7250 raw public keys?

Viktor Dukhovni openssl-users at dukhovni.org
Wed Jul 8 18:32:39 UTC 2020

On Wed, Jul 08, 2020 at 02:24:47PM -0400, Felipe Gasper wrote:

> > This is also supported in Postfix, just don't authenticate
> > the client cert at all (no PKI), grab the key digest and
> > use it directly for access control.
> Wouldn’t there need to be a shared secret, though, or some other way
> for the server to have some influence on the randomness of what the
> client’s private key signs? (I don’t know TLS well enough to comment
> on whether that happens in an ordinary TLS handshake, but I assume it
> does?)

TLS takes care of that:


In particular, the client and server random values are included, as well
as any ephemeral public values in DH or ECDH key exchange.


More information about the openssl-users mailing list