OpenPGP Extensions for Device Certificates

Document Type Expired Internet-Draft (individual)
Author Derek Atkins 
Last updated 2019-10-12 (latest revision 2019-04-10)
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


The OpenPGP Message Formats defined in RFC 4880 specify packet formats and methods for combining those packets to form messages and certificates. However RFC 4880 made an architectural decision that keys are owned by users and must be self-certified. New use cases have emerged where that is not the case. There is a desire to have certificates that are not tied to a user (e.g. device certificates) which may only have encryption keys so may not be self certifiable. Moreover, devices might be space constrained so reducing size is important. This draft specifies extensions to (and updates) RFC 4880 that loosen the definitions of certificates in order to enable userless certificates without self-certifications and specifies a set of notations to enable compact device certifications.


Derek Atkins (unknown-email-Derek-Atkins)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)