Related Certificates for Use in Multiple Authentications within a Protocol
draft-becker-guthrie-cert-binding-for-multi-auth-02
Document | Type |
Replaced Internet-Draft
(lamps WG)
Expired & archived
|
|
---|---|---|---|
Authors | Alison Becker , Rebecca Guthrie , Michael J. Jenkins | ||
Last updated | 2023-02-15 (Latest revision 2023-01-05) | ||
Replaced by | draft-ietf-lamps-cert-binding-for-multi-auth | ||
RFC stream | Internet Engineering Task Force (IETF) | ||
Intended RFC status | (None) | ||
Formats | |||
Additional resources | Mailing list discussion | ||
Stream | WG state | Adopted by a WG | |
Document shepherd | (None) | ||
IESG | IESG state | Replaced by draft-ietf-lamps-cert-binding-for-multi-auth | |
Consensus boilerplate | Unknown | ||
Telechat date | (None) | ||
Responsible AD | (None) | ||
Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
This document defines a new CSR attribute, relatedCertRequest, and a new X.509 certificate extension, RelatedCertificate. The use of the relatedCertRequest attribute in a CSR and the inclusion of the RelatedCertificate extension in the resulting certificate together provide additional assurance that two certificates each belong to the same end entity. This mechanism is particularly useful in the context of non-composite hybrid authentication, which enables users to employ the same certificates in hybrid authentication as in authentication done with only traditional or post-quantum algorithms.
Authors
Alison Becker
Rebecca Guthrie
Michael J. Jenkins
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)