Delegated Credentials for TLS
draft-rescorla-tls-subcerts-00
Document | Type |
This is an older version of an Internet-Draft whose latest revision state is "Replaced".
Expired & archived
|
|
---|---|---|---|
Authors | Eric Rescorla , Richard Barnes , Subodh Iyengar , Nick Sullivan | ||
Last updated | 2017-01-08 (Latest revision 2016-07-07) | ||
Replaced by | draft-ietf-tls-subcerts, draft-ietf-tls-subcerts, RFC 9345 | ||
RFC stream | (None) | ||
Formats | |||
Stream | Stream state | (No stream defined) | |
Consensus boilerplate | Unknown | ||
RFC Editor Note | (None) | ||
IESG | IESG state | Expired | |
Telechat date | (None) | ||
Responsible AD | (None) | ||
Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
The organizational separation between the operator of a TLS server and the certificate authority that provides it credentials can cause problems, for example when it comes to reducing the lifetime of certificates or supporting new cryptographic algorithms. This document describes a mechanism to allow TLS server operators to create their own credential delegations without breaking compatibility with clients that do not support this specification.
Authors
Eric Rescorla
Richard Barnes
Subodh Iyengar
Nick Sullivan
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)