On Thu, Mar 13, 2025 at 09:33:14AM +0000, Douglas Gash (dcmgash) wrote:
> * Raw Public Keys (RPK). There is no definitive description of Raw
> Public Keys in TLS 1.3 at time of writing, so [RFC7250] must be
> used in context of [RFC8446]. The details of RPK are considered
> out-of-scope for this document. Please refer to the RFCs above
> for implementation, deployment, and security considerations.
Please remove the disclaimers. I see no lack of clarity about TLS 1.3
RPKs in RFC8446 Section 4.4.2:
https://datatracker.ietf.org/doc/html/rfc8446#section-4.4.2
OpenSSL, for example, includes an implementation of TLS 1.3 RPKs in
conformance with that specification. Indeed important details of how
to use RPKs in TLS 1.3 can only be found in RFC8446, and RFC7250 is
only sufficient for RPKs with TLS 1.2.
$ posttls-finger -ldane -Lpeercert,summary -c -p TLSv1.2 [...]
posttls-finger: [...] raw public key fingerprint=F4:D9:CF:3B:4E:25:10:85:A4:F3:19:3D:AA:F3:A5:14:1C:D9:5C:71:09:D3:3C:97:1C:3F:8F:7C:EC:48:CD:1B
posttls-finger: [...] Matched DANE raw public key: 3 1 1 F4D9CF3B4E251085A4F3193DAAF3A5141CD95C7109D33C971C3F8F7CEC48CD1B
posttls-finger: Verified TLS connection established to [...] TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
$ posttls-finger -ldane -Lpeercert,summary -c -p TLSv1.3 [...]
posttls-finger: [...] raw public key fingerprint=C0:B6:7B:03:DA:B5:97:A5:D8:B7:43:E7:09:AE:08:0D:7D:3E:50:9A:7B:AB:0A:02:88:D8:98:7F:EA:EA:E8:03
posttls-finger: [...] Matched DANE raw public key: 3 1 1 C0B67B03DAB597A5D8B743E709AE080D7D3E509A7BAB0A0288D8987FEAEAE803
posttls-finger: Verified TLS connection established to [...] TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519MLKEM768 server-signature ML-DSA-65 (raw public key)
It is important to not misrepresent the handling of RPKs in TLS 1.3.
--
Viktor.
--
last-call mailing list -- last-call@xxxxxxxx
To unsubscribe send an email to last-call-leave@xxxxxxxx
