RE: Consultation: Additional “ephemeral public key” and “ephemeral private key” implementations for quictls/opens
Michael.Wojcik at microfocus.com
Sun Aug 29 19:53:16 UTC 2021
> From: openssl-users <openssl-users-bounces at openssl.org> On Behalf Of ????
> Sent: Sunday, 29 August, 2021 07:04
> Specifically, we are trying to enable “ephemeral public key” and
> “ephemeral private key” for SSL/TLS.
I'm afraid it is not clear to me, at least, what you are trying to do.
Are you attempting to implement a standard protocol that incorporates ephemeral key pairs, such as EKE, into TLS? Are you implementing a standard specifically for TLS that I'm not aware of? (That's quite possible; I don't follow TLS standards closely.)
If not, what is your use case? How do you see your protocol interacting with TLS?
Some might argue that OpenSSL is not especially well-suited for adding experimental ciphersuites and protocols to its TLS implementation. Its focus is on providing a secure and rich commercial implementation of TLS and various cryptographic operations and protocols, not on providing a toolkit for researchers.
I've never used quictls (as I think QUIC is broadly undesirable for most applications), but my understanding is that it's a fork of OpenSSL, so it's probably not any better in that regard.