Delegated Credentials for TLS
draft-ietf-tls-subcerts-02

The information below is for an old version of the document
Document Type Expired Internet-Draft (tls WG)
Last updated 2019-02-18 (latest revision 2018-08-17)
Replaces draft-rescorla-tls-subcerts
Stream IETF
Intended RFC status Proposed Standard
Formats
Expired & archived
plain text pdf html bibtex
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state Expired
Consensus Boilerplate Yes
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-ietf-tls-subcerts-02.txt

Abstract

The organizational separation between the operator of a TLS server and the certification authority can create limitations. For example, the lifetime of certificates, how they may be used, and the algorithms they support are ultimately determined by the certification authority. This document describes a mechanism by which operators may delegate their own credentials for use in TLS, without breaking compatibility with clients that do not support this specification.

Authors

Richard Barnes (rlb@ipv.sx)
Subodh Iyengar (subodh@fb.com)
Nick Sullivan (nick@cloudflare.com)
Eric Rescorla (ekr@rtfm.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)