Skip to main content

A PFS-preserving protocol for LURK
draft-erb-lurk-rsalg-01

Document Type Expired Internet-Draft (individual)
Expired & archived
Authors Samuel Erb , Rich Salz
Last updated 2016-11-29 (Latest revision 2016-05-28)
RFC stream (None)
Intended RFC status (None)
Formats
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:

Abstract

This document defines a protocol between a content provider and an external key owner that enables the provider to act as a TLS termination end-point for the key owner, without having the key actually being provisioned at the provider. The protocol between the two preserves forward secrecy, and is also designed to prevent the use of the key owner as a general-purpose signing oracle which would make it complicit in attacks against uses of the very keys it is trying to protect.

Authors

Samuel Erb
Rich Salz

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)