Authentication Model and Security Requirements for the TLS/DTLS Content Provider Edge Server Split Use Case
draft-mglt-lurk-tls-requirements-00

Document Type: Replaced Internet-Draft (individual)
Last updated: 2016-07-22 (latest revision 2016-01-19)
Replaced by: draft-mglt-lurk-tls12
Stream: (None)
Intended RFC status: (None)
Formats: Expired & archived
Stream state: (No stream defined)
Consensus Boilerplate: Unknown
RFC Editor Note: (None)
IESG state: Replaced by draft-mglt-lurk-tls12
Telechat date:
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-mglt-lurk-tls-requirements-00.txt

Abstract

In the TLS/DTLS Content Provider Edge Server Split use case, a TLS Client uses TLS/DTLS to authenticate the Content Provider while establishing a TLS/DTLS session with the Edge Server. This authentication scheme is designated as Split Authentication in this document. In most cases, the Edge Server does not even belong to the Content Provider, but instead to a third party such as a Content Delivery Network. As a result, the Content Provider and the Edge Server must be able to interact and/or share some information. These interactions and the shared information constitute a split authentication model, which varies with the authentication method involved in the TLS session. For each TLS/DTLS authentication method, the document provides the associated split authentication model that makes split authentication possible. The split authentication model is associated with security requirements and an analysis showing that it does not introduce any weakness compared to the standard TLS authentication model.

Authors

Daniel Migault (daniel.migault@ericsson.com)
Kevin Ma (kevin.j.ma@ericsson.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)