Secondary Certificate Authentication in HTTP/2

Document Type Expired Internet-Draft (httpbis WG)
Authors Mike Bishop  , Nick Sullivan  , Martin Thomson 
Last updated 2020-11-16 (latest revision 2020-05-14)
Replaces draft-bishop-httpbis-http2-additional-certs
Stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream WG state Dead WG Document (wg milestone: - Submit Secondary Cer... )
Document shepherd No shepherd assigned
IESG IESG state Expired
Consensus Boilerplate Yes
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


A use of TLS Exported Authenticators is described which enables HTTP/2 clients and servers to offer additional certificate-based credentials after the connection is established. The means by which these credentials are used with requests is defined.


Mike Bishop (
Nick Sullivan (
Martin Thomson (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)