Phil Leblanc philanc at gmail.com
Tue Apr 6 18:41:59 BST 2021
- - - - - - - - - - - - - - - - - - -
Hi All,
Have any of you already used in your clients and servers Raw PublicKeys, as specified in RFC 7250?
It allows to pass raw public keys in a lightweight form ofcertificate. The main benefit is of course shorter certificates andlower parsing cost. With EC key exchange, the "cert" containing onlythe public key would be almost as small as the SHA256 of a regularcert!
And it seems that it is well suited to the TOFU approach. (the mainsecurity considerations - section 6 - do not apply with TOFU)
The RFC is already quite old (2014) and it is included in TLS v1.3.
Do you know how supported it is in common TLS libraries?
Phil