[TLS] SPKI Fingerprints

Daniel Migault <mglt.ietf@gmail.com> Mon, 13 June 2022 14:43 UTC

From: Daniel Migault <mglt.ietf@gmail.com>
Date: Mon, 13 Jun 2022 10:42:51 -0400
Message-ID: <CADZyTk=vwyPk2y_VSJ_Mi2G6rAOE8ht24xXkgm_q+9QKdLs70w@mail.gmail.com>
To: tls <tls@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/1FFNChLpANp_Juzy_EeiAp-CsHI>

Hi,

I sent this question regarding the use of SPKI Fingerprints to the
ADD mailing list, but I am also interested in feedback not
necessarily restricted to encrypted resolvers.

RFC 7858 (DNS over TLS) indicates the use of SPKI Fingerprints in an
analogous manner to that described in RFC 7469 (Public Key Pinning Extension
for HTTP). I am wondering if anyone is aware of implementations considering
SPKI Fingerprints, or if such usage is not something we would like to
recommend/deprecate.

Yours,
Daniel
-- 
Daniel Migault
Ericsson
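
As an added example, not part of Daniel's message or of any RFC text, the following Python shows what an RFC 7858-style SPKI pin check actually consists of: locate the DER SubjectPublicKeyInfo inside a certificate, hash it with SHA-256, base64 it in the RFC 7469 pin-sha256 format, and compare against a configured set of pins. It uses only the standard library; the certificate it operates on is constructed in the file around a dummy Ed25519 key with a zero-filled, never-verified signature, so it runs offline. The OIDs, names and dates in the sample certificate are assumptions chosen for the demo.

```python
"""SPKI pinning as referenced by RFC 7858, section 4.2, in the RFC 7469 pin
format: base64(SHA-256(DER SubjectPublicKeyInfo)). Standard library only.
The certificate below is constructed here (dummy key, placeholder signature)."""
import base64
import hashlib
import hmac


# --- minimal DER helpers, enough for the outer X.509 structure -------------

def der_tlv(tag: int, body: bytes) -> bytes:
    """Encode one DER TLV with definite length (bodies up to 65535 bytes)."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    elif n < 0x100:
        length = b"\x81" + bytes([n])
    else:
        length = b"\x82" + n.to_bytes(2, "big")
    return bytes([tag]) + length + body


def der_read(buf: bytes, pos: int):
    """Decode the TLV starting at buf[pos]; return (tag, value, end offset)."""
    tag = buf[pos]
    first = buf[pos + 1]
    if first < 0x80:                      # short-form length
        length, hdr = first, 2
    else:                                 # long form: 0x8N then N length bytes
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + nbytes], "big")
        hdr = 2 + nbytes
    start = pos + hdr
    end = start + length
    if end > len(buf):
        raise ValueError("DER length runs past end of buffer")
    return tag, buf[start:end], end


def der_children(value: bytes):
    """Yield (tag, full TLV bytes) for each element of a constructed value."""
    pos = 0
    while pos < len(value):
        tag, _, end = der_read(value, pos)
        yield tag, value[pos:end]
        pos = end


# --- SPKI extraction and RFC 7469 pin computation ---------------------------

def extract_spki(cert_der: bytes) -> bytes:
    """Return the DER SubjectPublicKeyInfo (algorithm identifier + key) of an
    X.509 certificate. TBSCertificate is SEQUENCE { [0] version OPTIONAL,
    serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo, ... }."""
    tag, cert_body, _ = der_read(cert_der, 0)
    if tag != 0x30:
        raise ValueError("not a DER certificate")
    tag, tbs_body, _ = der_read(cert_body, 0)
    if tag != 0x30:
        raise ValueError("tbsCertificate is not a SEQUENCE")
    fields = list(der_children(tbs_body))
    if fields and fields[0][0] == 0xA0:   # EXPLICIT [0] version present (v2/v3)
        fields = fields[1:]
    if len(fields) < 6 or fields[5][0] != 0x30:
        raise ValueError("subjectPublicKeyInfo not found")
    return fields[5][1]


def spki_pin_sha256(spki_der: bytes) -> str:
    """RFC 7469 pin: base64 of SHA-256 over the DER SPKI. Same value as
    openssl x509 -in cert.pem -pubkey -noout | openssl pkey -pubin -outform der
      | openssl dgst -sha256 -binary | base64"""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def pin_matches(cert_der: bytes, configured_pins) -> bool:
    """Accept the certificate if its pin equals any configured pin; RFC 7858
    allows several (e.g. current key plus a backup key for rotation)."""
    pin = spki_pin_sha256(extract_spki(cert_der))
    return any(hmac.compare_digest(pin, p) for p in configured_pins)


# --- constructed sample certificate: not real, signature never verified -----

ED25519_OID = bytes.fromhex("2b6570")        # 1.3.101.112
CN_OID = bytes.fromhex("550403")             # 2.5.4.3 commonName
SAMPLE_PUBKEY = bytes(range(32))             # constructed: not a real key
SAMPLE_SPKI = der_tlv(0x30, der_tlv(0x30, der_tlv(0x06, ED25519_OID))
                      + der_tlv(0x03, b"\x00" + SAMPLE_PUBKEY))  # 0 unused bits


def _name(cn: str) -> bytes:
    """Name ::= SEQUENCE OF SET OF AttributeTypeAndValue, single CN."""
    atv = der_tlv(0x30, der_tlv(0x06, CN_OID) + der_tlv(0x0C, cn.encode()))
    return der_tlv(0x30, der_tlv(0x31, atv))


def build_sample_cert(spki: bytes, with_version: bool = True) -> bytes:
    """Assemble a structurally valid DER certificate around `spki`."""
    version = der_tlv(0xA0, der_tlv(0x02, b"\x02")) if with_version else b""
    serial = der_tlv(0x02, b"\x01")
    sig_alg = der_tlv(0x30, der_tlv(0x06, ED25519_OID))
    validity = der_tlv(0x30, der_tlv(0x17, b"220613000000Z") + der_tlv(0x17, b"230613000000Z"))
    tbs = der_tlv(0x30, version + serial + sig_alg + _name("Example CA")
                  + validity + _name("dot.example") + spki)
    signature = der_tlv(0x03, b"\x00" + bytes(64))   # placeholder signature
    return der_tlv(0x30, tbs + sig_alg + signature)


if __name__ == "__main__":
    cert = build_sample_cert(SAMPLE_SPKI)
    pin = spki_pin_sha256(extract_spki(cert))
    print("pin-sha256 =", pin)
    print("matches configured pin:", pin_matches(cert, {pin}))
    rotated = build_sample_cert(SAMPLE_SPKI[:-1] + b"\xff")   # new key, new pin
    print("matches after key change:", pin_matches(rotated, {pin}))
```

Two points this makes concrete for the recommend/deprecate question: the pin is over the whole SPKI (so an algorithm change, not only a key change, invalidates it), and a client that pins must carry more than one pin or it bricks itself on the resolver's next key rotation, which is the operational hazard RFC 7469 deployments ran into.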