Delegated Credentials for TLS
draft-ietf-tls-subcerts-00
| Document | Type | Expired Internet-Draft (tls WG) | |
|---|---|---|---|
| Last updated | 2018-05-03 (latest revision 2017-10-30) | ||
| Replaces | draft-rescorla-tls-subcerts | ||
| Stream | IETF | ||
| Intended RFC status | Proposed Standard | ||
| Formats |
Expired & archived
plain text
pdf
html
bibtex
|
||
| Stream | WG state | WG Document | |
| Document shepherd | No shepherd assigned | ||
| IESG | IESG state | Expired | |
| Consensus Boilerplate | Yes | ||
| Telechat date | |||
| Responsible AD | (None) | ||
| Send notices to | (None) | ||
https://www.ietf.org/archive/id/draft-ietf-tls-subcerts-00.txt
Abstract
The organizational separation between the operator of a TLS server and the certificate authority that provides it credentials can cause problems, for example when it comes to reducing the lifetime of certificates or supporting new cryptographic algorithms. This document describes a mechanism to allow TLS server operators to create their own credential delegations without breaking compatibility with clients that do not support this specification.
Authors
Richard Barnes
(rlb@ipv.sx)
Subodh Iyengar
(subodh@fb.com)
Nick Sullivan
(nick@cloudflare.com)
Eric Rescorla
(ekr@rtfm.com)
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)