A Mechanism for Encoding Differences in Paired Certificates
draft-bonnell-lamps-chameleon-certs-07
| Document | Type | Expired Internet-Draft (individual), Expired & archived |
|---|---|---|
| | Authors | Corey Bonnell, John Gray, D. Hook, Tomofumi Okubo, Mike Ounsworth |
| | Last updated | 2026-04-21 (Latest revision 2025-10-18) |
| | RFC stream | (None) |
| | Intended RFC status | (None) |
| | Additional resources | Related Implementations |
| Stream | Stream state | (No stream defined) |
| | Consensus boilerplate | Unknown |
| | RFC Editor Note | (None) |
| IESG | IESG state | Expired |
| | Telechat date | (None) |
| | Responsible AD | (None) |
| | Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
This document specifies a method to efficiently convey the differences between two certificates in an X.509 version 3 extension. This method allows a relying party to extract information sufficient to reconstruct the paired certificate and perform certification path validation using the reconstructed certificate. In particular, this method is especially useful as part of a key or signature algorithm migration, where subjects may be issued multiple certificates containing different public keys or signed with different CA private keys or signature algorithms. This method does not require any changes to the certification path validation algorithm as described in RFC 5280. Additionally, this method does not violate the constraints of serial number uniqueness for certificates issued by a single certification authority.
Authors
Corey Bonnell
John Gray
D. Hook
Tomofumi Okubo
Mike Ounsworth
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)