
Delegated Credentials for TLS and DTLS

Approval announcement
Draft of message to be sent after approval:


From: The IESG <>
To: IETF-Announce <>
Cc: Joseph Salowey <>, The IESG <>
Subject: Protocol Action: 'Delegated Credentials for (D)TLS' to Proposed Standard (draft-ietf-tls-subcerts-15.txt)

The IESG has approved the following document:
- 'Delegated Credentials for (D)TLS'
  (draft-ietf-tls-subcerts-15.txt) as Proposed Standard

This document is the product of the Transport Layer Security Working Group.

The IESG contact persons are Paul Wouters and Roman Danyliw.

A URL of this Internet Draft is:

Ballot Text

Technical Summary

The organizational separation between operators of TLS and DTLS
endpoints and the certification authority can create limitations.
For example, the lifetime of certificates, how they may be used, and
the algorithms they support are ultimately determined by the
certification authority.  This document describes a mechanism to 
overcome some of these limitations by enabling operators to delegate
their own credentials for use in TLS and DTLS without breaking
compatibility with peers that do not support this specification.

Working Group Summary

There is good consensus for this document within the working group. There was
some delay in getting issues addressed from the previous WGLC and a delay in
publishing a revised draft with the required changes.  There is interest in the
working group to see this document move forward.

Document Quality

Several vendors have indicated they will support the draft and more than one
implementation exists.  There are test vectors available for the draft, but the
authors and chairs decided to wait until they are verified before including
them in the draft.


Joe Salowey is the document Shepherd.
Paul Wouters is the Responsible Area Director.
The IANA Expert(s) for the registries in this document are Yoav Nir, Rich Salz, Nick Sullivan.

RFC Editor Note