Skip to main content

Semi-Static Diffie-Hellman Key Establishment for TLS 1.3

Document Type Expired Internet-Draft (tls WG)
Authors Eric Rescorla , Nick Sullivan , Christopher A. Wood
Last updated 2020-09-08 (Latest revision 2020-03-07)
Replaces draft-rescorla-tls-semistatic-dh
Stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Expired & archived
plain text htmlized pdfized bibtex
Stream WG state WG Document
Associated WG milestone
Jul 2021
Submit "Semi-Static Diffie-Hellman Key Establishment for TLS 1.3" to the IESG
Document shepherd (None)
IESG IESG state Expired
Consensus boilerplate Unknown
Telechat date (None)
Responsible AD (None)
Send notices to (None)
This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at:


TLS 1.3 [RFC8446] specifies a signed Diffie-Hellman exchange modelled after SIGMA [SIGMA]. This design is suitable for endpoints whose certified credential is a signing key, which is the common situation for current TLS servers. This document describes a mode of TLS 1.3 in which one or both endpoints have a certified DH key which is used to authenticate the exchange. Note to Readers Source for this draft and an issue tracker can be found at (


Eric Rescorla
Nick Sullivan
Christopher A. Wood

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)