Skip to main content

Semi-Static Diffie-Hellman Key Establishment for TLS 1.3

Document Type Expired Internet-Draft (tls WG)
Expired & archived
Authors Eric Rescorla , Nick Sullivan , Christopher A. Wood
Last updated 2020-09-08 (Latest revision 2020-03-07)
Replaces draft-rescorla-tls-semistatic-dh
RFC stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Additional resources Mailing list discussion
Stream WG state WG Document
Associated WG milestone
Jul 2021
Submit "Semi-Static Diffie-Hellman Key Establishment for TLS 1.3" to the IESG
Document shepherd (None)
IESG IESG state Expired
Consensus boilerplate Unknown
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


TLS 1.3 [RFC8446] specifies a signed Diffie-Hellman exchange modelled after SIGMA [SIGMA]. This design is suitable for endpoints whose certified credential is a signing key, which is the common situation for current TLS servers. This document describes a mode of TLS 1.3 in which one or both endpoints have a certified DH key which is used to authenticate the exchange. Note to Readers Source for this draft and an issue tracker can be found at (


Eric Rescorla
Nick Sullivan
Christopher A. Wood

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)