A PFS-preserving protocol for LURK
draft-erb-lurk-rsalg-01

Document type: Expired Internet-Draft (individual)
Last updated: 2016-11-29 (latest revision 2016-05-28)
Stream: (None)
Intended RFC status: (None)
Stream state: (No stream defined)
Consensus boilerplate: Unknown
RFC Editor note: (None)
IESG state: Expired
Telechat date:
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-erb-lurk-rsalg-01.txt

Abstract

This document defines a protocol between a content provider and an external key owner that enables the provider to act as a TLS termination end-point for the key owner, without the private key actually being provisioned at the provider. The protocol between the two preserves forward secrecy, and is also designed to prevent the key owner from being used as a general-purpose signing oracle, which would make it complicit in attacks against uses of the very keys it is trying to protect.

Authors

Samuel Erb (serb@akamai.com)
Rich Salz (rsalz@akamai.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)