Exported Authenticators in TLS

Document Type Replaced Internet-Draft (candidate for tls WG)
Last updated 2017-04-14 (latest revision 2017-03-13)
Replaced by draft-ietf-tls-exported-authenticator
Stream IETF
Intended RFC status (None)
Expired & archived
plain text pdf html bibtex
Stream WG state Call For Adoption By WG Issued
Document shepherd No shepherd assigned
IESG IESG state Replaced by draft-ietf-tls-exported-authenticator
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document describes a mechanism in Transport Layer Security (TLS) to provide an exportable proof of ownership of a certificate that can be transmitted out of band and verified by the other party.


Nick Sullivan (nick@cloudflare.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)