
Authentication Model and Security Requirements for the TLS/DTLS Content Provider Edge Server Split Use Case

Document Type: Replaced Internet-Draft (individual), expired & archived
Authors: Daniel Migault, Kevin J. Ma
Last updated: 2016-07-22 (Latest revision 2016-01-19)
Replaced by: draft-mglt-lurk-tls12
RFC stream: (None)
Intended RFC status: (None)
Stream state: (No stream defined)
Consensus boilerplate: Unknown
RFC Editor Note: (None)
IESG state: Replaced by draft-mglt-lurk-tls12
Telechat date: (None)
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active.


In the TLS/DTLS Content Provider Edge Server Split use case, a TLS Client uses TLS/DTLS to authenticate the Content Provider while establishing a TLS/DTLS session with the Edge Server. Such an authentication scheme is designated as Split Authentication in this document. In most cases, the Edge Server does not even belong to the Content Provider, but instead to a third party such as a Content Delivery Network. As a result, the Content Provider and the Edge Server must be able to interact and/or share some information. These interactions and shared information constitute a split authentication model, which varies with the authentication method involved in the TLS session. For each TLS/DTLS authentication method, the document provides the associated split authentication model that makes split authentication possible. Each split authentication model is associated with security requirements and an analysis to show that it does not introduce any weakness compared to the standard TLS authentication model.


Daniel Migault
Kevin J. Ma

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)