zwp | 1 year ago

Is it coming? I notice that OpenSSL now has support for raw public keys.

The spec (RFC 7250, "Using Raw Public Keys in Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)") suggests DANE/DNSSEC as a mechanism to bind identities to public keys (section 6).

https://datatracker.ietf.org/doc/html/rfc7250

Will this really be simpler?

tptacek|1 year ago

It is not coming. Browsers are unlikely to support DANE (Chrome briefly did, and then pulled support, IIRC).

vlovich123|1 year ago

Simpler and faster I hope.

tptacek|1 year ago

In fact, the slowness and complexity of DANE is a big part of why it got pulled.