Delegated Credentials for TLS
draft-rescorla-tls-subcerts-01

Document Type Expired Internet-Draft (tls WG)
Last updated 2017-09-10 (latest revision 2017-03-09)
Stream IETF
Intended RFC status (None)
Formats
Expired & archived
plain text pdf html bibtex
Stream WG state Adopted by a WG
Document shepherd No shepherd assigned
IESG IESG state Expired
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-rescorla-tls-subcerts-01.txt

Abstract

The organizational separation between the operator of a TLS server and the certificate authority that provides it credentials can cause problems, for example when it comes to reducing the lifetime of certificates or supporting new cryptographic algorithms. This document describes a mechanism to allow TLS server operators to create their own credential delegations without breaking compatibility with clients that do not support this specification.

Authors

Richard Barnes (rlb@ipv.sx)
Subodh Iyengar (subodh@fb.com)
Nick Sullivan (nick@cloudflare.com)
Eric Rescorla (ekr@rtfm.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)