Skip to main content

Related Certificates for Use in Multiple Authentications within a Protocol

Document Type Replaced Internet-Draft (lamps WG)
Expired & archived
Authors Alison Becker , Rebecca Guthrie , Michael J. Jenkins
Last updated 2023-02-15 (Latest revision 2023-01-05)
Replaced by draft-ietf-lamps-cert-binding-for-multi-auth
RFC stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Additional resources Mailing list discussion
Stream WG state Adopted by a WG
Document shepherd (None)
IESG IESG state Replaced by draft-ietf-lamps-cert-binding-for-multi-auth
Consensus boilerplate Unknown
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


This document defines a new CSR attribute, relatedCertRequest, and a new X.509 certificate extension, RelatedCertificate. The use of the relatedCertRequest attribute in a CSR and the inclusion of the RelatedCertificate extension in the resulting certificate together provide additional assurance that two certificates each belong to the same end entity. This mechanism is particularly useful in the context of non-composite hybrid authentication, which enables users to employ the same certificates in hybrid authentication as in authentication done with only traditional or post-quantum algorithms.


Alison Becker
Rebecca Guthrie
Michael J. Jenkins

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)