Application-Layer TLS

Document Type Expired Internet-Draft (individual)
Authors Owen Friel  , Richard Barnes  , Max Pritikin  , Hannes Tschofenig  , Mark Baugher 
Last updated 2020-05-07 (latest revision 2019-11-04)
Replaces draft-tschofenig-layered-tls, draft-friel-tls-over-http
Stream (None)
Expired & archived
pdf htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document specifies how TLS and DTLS can be used at the application layer for the purpose of establishing secure end-to-end encrypted communication security. Encodings for carrying TLS and DTLS payloads are specified for HTTP and CoAP to improve interoperability. While the use of TLS and DTLS is straight forward we present multiple deployment scenarios to illustrate the need for end-to-end application layer encryption and the benefits of reusing a widely deployed and readily available protocol. Application software architectures for building, and network architectures for deploying application layer TLS are outlined.


Owen Friel (
Richard Barnes (
Max Pritikin (
Hannes Tschofenig (
Mark Baugher (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)