Skip to main content

Flexible Key Agreement for Transport Layer Security (FKA-TLS)

Document Type Expired Internet-Draft (individual)
Authors Larry Zhu , Girish Chander , Jeffrey E. Altman , Stefan Santesson
Last updated 2007-07-25
Stream (None)
Intended RFC status (None)
Expired & archived
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


This document defines extensions to RFC 4279, "Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)", to enable dynamic key sharing in distributed environments using a Generic Security Service Application Program Interface (GSS-API) mechanism, and then import that shared key as the "Pre-Shared Key" to complete the TLS handshake. This is a modular approach to perform authentication and key exchange based on off-shelf libraries. And it obviates the need of pair-wise key sharing by enabling the use of the widely-deployed Kerberos alike trust infrastructures that are highly scalable and robust. Furthermore, conforming implementations can provide server authentication without the use of certificates.


Larry Zhu
Girish Chander
Jeffrey E. Altman
Stefan Santesson

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)