Skip to main content

Bootstrapped TLS Authentication

Document Type Replaced Internet-Draft (emu WG)
Expired & archived
Authors Owen Friel , Dan Harkins
Last updated 2022-09-26 (Latest revision 2022-05-26)
Replaced by draft-ietf-emu-bootstrapped-tls
RFC stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Additional resources Mailing list discussion
Stream WG state Adopted by a WG
Document shepherd (None)
IESG IESG state Replaced by draft-ietf-emu-bootstrapped-tls
Consensus boilerplate Unknown
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


This document defines a TLS extension that enables a server to prove to a client that it has knowledge of the public key of a key pair where the client has knowledge of the private key of the key pair. Unlike standard TLS key exchanges, the public key is never exchanged in TLS protocol messages. Proof of knowledge of the public key is used by the client to bootstrap trust in the server. The use case outlined in this document is to establish trust in an EAP server.


Owen Friel
Dan Harkins

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)