On Tuesday, May 16, 2017 12:37:42 pm Viktor Dukhovni wrote:
> * RFC7250 raw public keys

Just as a footnote to anyone reading this discussion that may not know: The current version of the TLS 1.3 spec explicitly recommends RFC7250 raw public keys as a viable option and provides the needed information on how to handle this in TLS 1.3. Anonymous cipher suite support has been dropped from TLS 1.3, and trust on first use raw public keys are the first of the two recommended alternatives.

> * TOFU public key pinning

Trust on first use public keys in unvalidated certificate chains is the second recommended alternative.

https://tlswg.github.io/tls13-spec/#unauthenticated-operation
https://tools.ietf.org/html/draft-ietf-tls-tls13-20#appendix-C.6

Dave

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls