💾 Archived View for gem.benscraft.info › mailing-list › messages › 160 captured on 2021-12-05 at 23:47:19. Gemini links have been rewritten to link to archived content

-=-=-=-=-=-=-

Raw Public Keys - RFC 7250

- Phil Leblanc <philanc at gmail.com>

@ Tue, 06 Apr 2021 17:41 +0000

────────────────────────────────────────────────────────────────────────────────

Hi All,

Have any of you already used Raw Public Keys, as specified in RFC 7250, in your clients and servers?

It allows passing raw public keys in a lightweight form of certificate. The main benefit is of course shorter certificates and lower parsing cost. With EC key exchange, the "cert" containing only the public key would be almost as small as the SHA256 of a regular cert!

And it seems that it is well suited to the TOFU approach (the main security considerations - section 6 - do not apply with TOFU).

The RFC is already quite old (2014) and it is included in TLS v1.3.

Do you know how supported it is in common TLS libraries?

Phil

════════════════════════════════════════════════════════════════════════════════

Replies

Reply from almaember <almaember at disroot.org>