Open Neustradamus opened 1 year ago
Interesting! I wasn't aware of this.
Autobahn(Python) (and Crossbar.io) support WAMP authentication via WAMP-Cryptosign with TLS channel binding of type tls-unique.
WAMP-Cryptosign:
Twisted:
asyncio:
However, we don't support binding type tls-exporter yet. I've skimmed over the RFC .. it obviously seems to improve matters (complete keying material is fed to the computation of channel ID ... which seems like a good idea), plus indeed
Implementations that support channel binding over TLS 1.3 MUST implement "tls-exporter".
Now, since that new channel binding also produces 32 octet channel IDs, it is straightforward to add. However, we need upstream support .. I think .. to be able to read this id.
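An added example, not part of this thread and not Autobahn or Crossbar.io code: how a tls-exporter channel ID (RFC 9266) is derived from the TLS 1.3 exporter master secret using the exporter defined in RFC 8446, which is why the TLS library itself has to expose the value. SHA-256 as the cipher-suite hash and the constructed stand-in secrets are assumptions.

```python
import hashlib
import hmac

HASH = hashlib.sha256          # assumption: cipher suite hash is SHA-256
HASH_LEN = HASH().digest_size


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869, section 2.3)."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """HKDF-Expand-Label (RFC 8446, section 7.1): info is the encoded HkdfLabel struct."""
    full_label = b"tls13 " + label
    hkdf_label = (
        length.to_bytes(2, "big")
        + bytes([len(full_label)]) + full_label
        + bytes([len(context)]) + context
    )
    return hkdf_expand(secret, hkdf_label, length)


def tls13_exporter(exporter_master_secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """TLS 1.3 exporter (RFC 8446, section 7.5)."""
    # Derive-Secret(secret, label, "") hashes an empty transcript.
    derived = hkdf_expand_label(exporter_master_secret, label, HASH(b"").digest(), HASH_LEN)
    return hkdf_expand_label(derived, b"exporter", HASH(context).digest(), length)


def tls_exporter_channel_id(exporter_master_secret: bytes) -> bytes:
    """RFC 9266 tls-exporter binding: fixed label, empty context, 32 octets."""
    return tls13_exporter(exporter_master_secret, b"EXPORTER-Channel-Binding", b"", 32)


if __name__ == "__main__":
    # Constructed stand-ins for the secrets of two TLS connections (not real key material).
    conn_a = hashlib.sha256(b"constructed connection A").digest()
    conn_b = hashlib.sha256(b"constructed connection B").digest()
    print("connection A:", tls_exporter_channel_id(conn_a).hex())
    print("connection B:", tls_exporter_channel_id(conn_b).hex())
```

The exporter master secret never leaves the TLS stack, so application code can only obtain this value through an exporter interface offered by the TLS library.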
@oberstet: Thanks for your quick answer :)
I have created a ticket in Crossbar too: https://github.com/crossbario/crossbar/issues/2037
For CPython, here is the upstream PR which would allow adding support (here in AutobahnPython and in Crossbar.io): https://github.com/python/cpython/pull/95366 For PyPy, this remains to be seen ..
Can you add the support of RFC 9266: Channel Bindings for TLS 1.3?
Little details, to know easily:
Thanks in advance.
Linked to: