appl/simple/client/sim_client.c uses internal APIs

Benjamin Kaduk kaduk at mit.edu
Sat Feb 25 00:04:05 EST 2023


On Fri, Feb 24, 2023 at 04:27:28PM -0800, Russ Allbery wrote:
> 
> (There is the other problem that all of the effort, hardware support, and
> optimization work is going into TLS now, and it feels like a huge waste of
> energy to try to compete with TLS in the secure transport business.  But
> that's a whole different can of worms since TLS is very wedded to X.509
> certificates and there are a bunch of very good reasons to not want to use
> X.509 certificates for client authentication in a lot of situations.)

In case you haven't been following, OpenSSL is set to grow TLS raw public
key support soon, probably in 3.1 or so:
https://github.com/openssl/openssl/pull/18185
I've seen a number of places picking up on TLS with raw public key as an
option for secure transport when they don't want to be wedded to X.509
certificates (whether for client or for server).  You do have to supply
your own authorization layer, then, of course, but you may already have
one.

-Ben
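
The point about supplying your own authorization layer, as an added example that is not part of the original message and is not OpenSSL code. With raw public keys the handshake only proves the peer holds a private key, so the application has to map that key to an identity and to permissions. The sketch assumes the TLS stack hands the application the peer's DER SubjectPublicKeyInfo (the form RFC 7250 carries), handles Ed25519 keys only, and uses hypothetical names (`KeyAuthorizer`, `backup-agent`) and constructed key bytes.

```python
import hashlib

# DER header of an Ed25519 SubjectPublicKeyInfo (RFC 8410); the 32-byte key follows it.
ED25519_SPKI_PREFIX = bytes.fromhex("302a300506032b6570032100")


def spki_fingerprint(spki_der: bytes) -> str:
    """SHA-256 of the DER SubjectPublicKeyInfo presented by the peer."""
    if len(spki_der) != 44 or not spki_der.startswith(ED25519_SPKI_PREFIX):
        raise ValueError("not an Ed25519 SubjectPublicKeyInfo")
    return hashlib.sha256(spki_der).hexdigest()


class KeyAuthorizer:
    """Hypothetical authorization layer: key fingerprint -> principal and allowed actions."""

    def __init__(self):
        self._entries = {}

    def enroll(self, spki_der, principal, actions):
        self._entries[spki_fingerprint(spki_der)] = (principal, frozenset(actions))

    def authorize(self, peer_spki_der, action):
        """Return the principal name if the key may perform `action`, else None."""
        try:
            entry = self._entries.get(spki_fingerprint(peer_spki_der))
        except ValueError:
            return None  # malformed or unsupported key type: fail closed
        if entry is None:
            return None  # handshake proved key possession, but nobody enrolled this key
        principal, actions = entry
        return principal if action in actions else None


# Constructed sample keys (not real key material).
BACKUP_KEY = ED25519_SPKI_PREFIX + bytes(range(32))
UNKNOWN_KEY = ED25519_SPKI_PREFIX + bytes(range(1, 33))


def demo():
    authz = KeyAuthorizer()
    authz.enroll(BACKUP_KEY, "backup-agent", {"read"})
    return [
        authz.authorize(BACKUP_KEY, "read"),    # enrolled key, permitted action
        authz.authorize(BACKUP_KEY, "write"),   # enrolled key, action not granted
        authz.authorize(UNKNOWN_KEY, "read"),   # valid key that was never enrolled
        authz.authorize(b"\x30\x00", "read"),   # not a well-formed Ed25519 SPKI
    ]


if __name__ == "__main__":
    print(demo())
```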

