On Wed, Mar 06, 2013 at 09:48:57AM -0500, Paul Wouters wrote:
> >The simplicity of the DANE binding leaves PKIX with its horde of
> >trust anchors, local versions of intermediate certs, servers that
> >fail to present all intermediate certs, depth limits, expiration
> >date arithmetic, name constraints, multitudes of name types,
> >critical extensions, ... in the dust.
>
> While I agree with most, the future to do this right is to use TLS with
> raw public keys:
>
> http://tools.ietf.org/html/draft-ietf-tls-oob-pubkey-07
>
> That creates a "certificate" with just the SubjectPublicKeyInfo blob.
>
> I welcome postfix to be an early adopter of that draft :)
This is very unlikely to be implemented in Postfix. It is predicated
on an API change in OpenSSL to allow it to return bare public keys
for the peer certificate. Users will still need to generate and
configure X.509 certificates, and there is very little upside for
this proposal in existing applications that don't start life as
public-key only TLS applications.
For the forseeable future, it is much more practical to just create
minimal certificates that essentially consist of just the public
key. With ECDSA and SHA256 the DER cert is just 275 bytes vs. 91
bytes for the associated public key. While an extra 184 (less
overhead for the new extension) bytes on the wire could be avoided
it sure is a lot of new code in libraries and applications to save
a small amount of extra packet payload.
Example via bash(1) with its subprocess file-descriptor arguments:
$ (
umask 077; tmp=$(mktemp .pem.XXXXXX); dst=cert+key.pem
openssl req -new >> $tmp \
-newkey param:<(openssl ecparam -name prime256v1) \
-nodes -keyout /dev/stdout \
-x509 -sha256 -set_serial 1 -subj "/" -days 3650 -config <(
printf "[req]\n%s\n%s\n[dn]\n[x509]\n%s\n" \
"distinguished_name=dn" "x509_extensions=x509" \
"extendedKeyUsage=serverAuth,clientAuth") &&
mv $tmp "$dst" &&
openssl x509 -in "$dst" -text | tee /dev/tty |
openssl x509 -outform DER | wc -c &&
openssl pkey -in "$dst" -pubout | tee /dev/tty |
openssl pkey -pubin -outform DER | wc -c
)
Generating a 256 bit EC private key
writing new private key to '/dev/stdout'
-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: ecdsa-with-SHA256
Issuer:
Validity
Not Before: Mar 6 18:14:15 2013 GMT
Not After : Mar 4 18:14:15 2023 GMT
Subject:
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:be:d4:d6:18:d0:6a:55:b2:17:1f:53:18:02:a6:
47:c1:f1:10:bb:df:a8:04:12:6b:f7:4b:b9:a7:21:
97:83:31:c4:78:84:c1:9d:be:b5:16:09:0d:b5:04:
f6:92:99:92:3a:e3:1d:2d:62:48:17:08:47:c1:05:
43:ad:d2:3f:61
ASN1 OID: prime256v1
X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Signature Algorithm: ecdsa-with-SHA256
30:45:02:20:6c:5f:21:3c:c6:09:c6:09:7b:07:55:da:94:4d:
16:0a:f8:7b:99:20:51:54:30:c3:48:87:43:45:0c:08:e1:00:
02:21:00:d8:2d:39:9d:08:7d:5f:22:ab:db:2e:3a:d2:ff:1d:
1e:73:bc:88:45:77:58:64:24:ea:c7:9f:b0:0e:97:be:41
-----BEGIN CERTIFICATE-----
MIIBDzCBtqADAgECAgEBMAoGCCqGSM49BAMCMAAwHhcNMTMwMzA2MTgxNDE1WhcN
MjMwMzA0MTgxNDE1WjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEvtTWGNBq
VbIXH1MYAqZHwfEQu9+oBBJr90u5pyGXgzHEeITBnb61FgkNtQT2kpmSOuMdLWJI
FwhHwQVDrdI/YaMhMB8wHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAoG
CCqGSM49BAMCA0gAMEUCIGxfITzGCcYJewdV2pRNFgr4e5kgUVQww0iHQ0UMCOEA
AiEA2C05nQh9XyKr2y460v8dHnO8iEV3WGQk6sefsA6XvkE=
-----END CERTIFICATE-----
275
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEvtTWGNBqVbIXH1MYAqZHwfEQu9+o
BBJr90u5pyGXgzHEeITBnb61FgkNtQT2kpmSOuMdLWJIFwhHwQVDrdI/YQ==
-----END PUBLIC KEY-----
91
--
Viktor.
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
