Re: [TLS] FYI, RFC7250 (raw public keys) to be supported in OpenSSL ~3.2

2023-01-22 Thread John Mattsson
Hi Viktor,

Are point compressed secp256r1 RPKs supported?

- Uncompressed secp256r1 RPKs are 91 bytes.
- Point compressed secp256r1 RPKs are 59 bytes
- Ed25519 RPKs are 58 bytes

Cheers,
John

From: TLS  on behalf of Achim Kraus 
Date: Sunday, 22 January 2023 at 22:02
To: tls@ietf.org , Viktor Dukhovni 
Subject: Re: [TLS] FYI, RFC7250 (raw public keys) to be supported in OpenSSL ~3.2
Hello Viktor,

 > Thanks to Todd Short, RFC7250 raw public keys should be available in
 > OpenSSL ~3.2.  Applications that use unauthenticated opportunistic TLS,

Sounds great. Especially for IoT/constrained use-cases that's a real
benefit.

Just in case someone is interested, I asked a couple of months ago
if https://datatracker.ietf.org/doc/html/draft-ietf-tls-subcerts-10 has
some considerations about certificate types without a validation date.
See https://github.com/tlswg/tls-subcerts/issues/107

 > The pull request  is
 > still a work in progress, but complete enough for application
 > integration testing.

I will try to test next week the DTLS interoperability with

Eclipse/tinydtls
Eclipse/Californium

best regards
Achim


Am 22.01.23 um 21:41 schrieb Viktor Dukhovni:
> Thanks to Todd Short, RFC7250 raw public keys should be available in
> OpenSSL ~3.2.  Applications that use unauthenticated opportunistic TLS,
> employ DANE or have other ways to avoid X.509 certificates and make do
> with raw peer public keys can avoid the overhead of receiving and
> processing certificate chains.
>
> The pull request  is
> still a work in progress, but complete enough for application
> integration testing.  Likely too late for OpenSSL 3.1 (in beta now), but
> seems likely to land by 3.2.  The TODO items on the OpenSSL side are
> at this point IMHO minor.  Review eyeballs of course always appreciated.
>
> I have a Postfix branch with a reasonably complete implementation:
>
>  # posttls-finger -c 
>  posttls-finger: [192.0.2.1]:25: raw public key fingerprint=<...>
>  posttls-finger: [192.0.2.1]:25: Matched DANE raw public key: 3 1 1 <...>
>  posttls-finger: Verified TLS connection established to [192.0.2.1]:25:
>  TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
>  key-exchange X25519
>  server-signature RSA-PSS (2048 bits)
>  server-digest SHA256
>
> based on the current state of the pull request.
>

___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls


Re: [TLS] FYI, RFC7250 (raw public keys) to be supported in OpenSSL ~3.2

2023-01-22 Thread Achim Kraus

Hello Viktor,

> Thanks to Todd Short, RFC7250 raw public keys should be available in
> OpenSSL ~3.2.  Applications that use unauthenticated opportunistic TLS,

Sounds great. Especially for IoT/constrained use-cases that's a real
benefit.

Just in case someone is interested, I asked a couple of months ago
if https://datatracker.ietf.org/doc/html/draft-ietf-tls-subcerts-10 has
some considerations about certificate types without a validation date.
See https://github.com/tlswg/tls-subcerts/issues/107

> The pull request  is
> still a work in progress, but complete enough for application
> integration testing.

I will try to test next week the DTLS interoperability with

Eclipse/tinydtls
Eclipse/Californium

best regards
Achim


Am 22.01.23 um 21:41 schrieb Viktor Dukhovni:

Thanks to Todd Short, RFC7250 raw public keys should be available in
OpenSSL ~3.2.  Applications that use unauthenticated opportunistic TLS,
employ DANE or have other ways to avoid X.509 certificates and make do
with raw peer public keys can avoid the overhead of receiving and
processing certificate chains.

The pull request  is
still a work in progress, but complete enough for application
integration testing.  Likely too late for OpenSSL 3.1 (in beta now), but
seems likely to land by 3.2.  The TODO items on the OpenSSL side are
at this point IMHO minor.  Review eyeballs of course always appreciated.

I have a Postfix branch with a reasonably complete implementation:

 # posttls-finger -c 
 posttls-finger: [192.0.2.1]:25: raw public key fingerprint=<...>
 posttls-finger: [192.0.2.1]:25: Matched DANE raw public key: 3 1 1 <...>
 posttls-finger: Verified TLS connection established to [192.0.2.1]:25:
 TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519
 server-signature RSA-PSS (2048 bits)
 server-digest SHA256

based on the current state of the pull request.





[TLS] FYI, RFC7250 (raw public keys) to be supported in OpenSSL ~3.2

2023-01-22 Thread Viktor Dukhovni
Thanks to Todd Short, RFC7250 raw public keys should be available in
OpenSSL ~3.2.  Applications that use unauthenticated opportunistic TLS,
employ DANE or have other ways to avoid X.509 certificates and make do
with raw peer public keys can avoid the overhead of receiving and
processing certificate chains.

The pull request  is
still a work in progress, but complete enough for application
integration testing.  Likely too late for OpenSSL 3.1 (in beta now), but
seems likely to land by 3.2.  The TODO items on the OpenSSL side are
at this point IMHO minor.  Review eyeballs of course always appreciated.

I have a Postfix branch with a reasonably complete implementation:

# posttls-finger -c 
posttls-finger: [192.0.2.1]:25: raw public key fingerprint=<...>
posttls-finger: [192.0.2.1]:25: Matched DANE raw public key: 3 1 1 <...>
posttls-finger: Verified TLS connection established to [192.0.2.1]:25:
TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519
server-signature RSA-PSS (2048 bits)
server-digest SHA256

based on the current state of the pull request.

-- 
Viktor.
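
An added example, not part of the thread and not Postfix or OpenSSL code: how a raw public key is checked against a DANE "3 1 1" TLSA record as in the posttls-finger output above, and why the secp256r1 encoding asked about in the reply matters, since the compressed and uncompressed SubjectPublicKeyInfo of one key hash differently. The key is a constructed sample (the P-256 base point), the function names are hypothetical, and limiting matches to usage 3 with selector 1 is an assumption of this sketch.

```python
import hashlib

# AlgorithmIdentifier {id-ecPublicKey, prime256v1}, DER-encoded (21 bytes).
ALG_ID = bytes.fromhex("301306072a8648ce3d020106082a8648ce3d030107")

# Constructed sample key: the P-256 base point G (private key 1), not a real key.
GX = int("6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", 16)
GY = int("4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", 16)


def p256_spki(x, y, compressed=False):
    """DER SubjectPublicKeyInfo for a P-256 point (what an RFC 7250 peer sends)."""
    if compressed:
        point = bytes([2 + (y & 1)]) + x.to_bytes(32, "big")
    else:
        point = b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")
    bit_string = b"\x03" + bytes([len(point) + 1]) + b"\x00" + point
    body = ALG_ID + bit_string
    return b"\x30" + bytes([len(body)]) + body  # all lengths < 128: short form


def tlsa_311(spki):
    """Presentation-format TLSA RDATA: DANE-EE(3) SPKI(1) SHA2-256(1)."""
    return "3 1 1 " + hashlib.sha256(spki).hexdigest()


def rpk_matches_tlsa(spki, rdata):
    """True if the peer's raw public key satisfies one TLSA record."""
    usage, selector, mtype, hexdata = rdata.split(None, 3)
    # Assumption of this sketch: with no certificate or chain on the wire,
    # only usage 3 (DANE-EE) with selector 1 (SPKI) can match a bare key.
    if (usage, selector) != ("3", "1"):
        return False
    want = bytes.fromhex(hexdata.replace(" ", ""))
    if mtype == "0":  # exact match on the full SPKI
        return spki == want
    if mtype == "1":  # SHA2-256
        return hashlib.sha256(spki).digest() == want
    if mtype == "2":  # SHA2-512
        return hashlib.sha512(spki).digest() == want
    return False


if __name__ == "__main__":
    full, comp = p256_spki(GX, GY), p256_spki(GX, GY, compressed=True)
    record = tlsa_311(full)  # published for the uncompressed encoding
    print(len(full), len(comp))
    print(rpk_matches_tlsa(full, record), rpk_matches_tlsa(comp, record))
```

A TLSA record published for one point encoding does not match a peer that presents the other, so both sides have to agree on the encoding or the zone has to publish a record for each.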
