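@comment{
  Internet-Draft entry pinned to revision 03 through the number and url fields.
  The note field marks it as Work in Progress: it is a draft, not a published RFC,
  and later revisions may change or replace it, so cite this exact revision.
  Reviewer note, inferred from the abstract only (confirm against the draft text):
  the TLS-SE computes the PSK-binder and Handshake Secret on the client's behalf,
  so access control on the TLS-SE procedures is what protects downstream servers.
  Title: only the acronym is brace-protected, so styles can still apply their casing.
  Author: stored in Last, First form so name parsing is unambiguous.
}
@techreport{urien-tls-se-xauth-03,
  author      = {Urien, Pascal},
  title       = {{TLS} for Secure Element Recursive Authentication},
  type        = {Internet-Draft},
  number      = {draft-urien-tls-se-xauth-03},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2026,
  month       = apr,
  day         = 3,
  pagetotal   = 9,
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-urien-tls-se-xauth/03/},
  abstract    = {This document defines a recursive authentication architecture based on the TLS 1.3 pre-shared key (PSK) mode. In this context, TLS servers, typically hosted within secure elements (TLS-SE), realize procedures that compute TLS 1.3 PSK-binder and Handshake Secret. These procedures allow a client to authenticate to downstream TLS servers without directly possessing the corresponding PSKs. Authentication capabilities can therefore be delegated across multiple TLS servers while maintaining protection of the underlying secrets.},
}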