Skip to main content

Limited Use of Remote Keys, Protocol and Reference.

Document Type Expired Internet-Draft (individual)
Expired & archived
Author Phillip Hallam-Baker
Last updated 2016-10-06 (Latest revision 2016-04-04)
RFC stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


The Limited Use of Remote Keys (LURK) BOF has been scheduled with the objective of discussing approaches to mitigating security risks to TLS private keys. In particular in situations where a Content Delivery Network (CDN) is used to deliver content and thus the party that is being authenticated is not the party that the user is attempting to authenticate. Three classes of solution are considered, short term credentials, a remote service offering to perform private key operations and a remote service that is further constrained through the use of some form of threshold approach. A JSON/HTTP protocol implementing the second and third protocol is demonstrated and documented.


Phillip Hallam-Baker

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)