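% Citation for revision -01 of the Internet-Draft on X.509 client-certificate
% handling in applications. The entry is pinned to that revision (number and
% url); an Internet-Draft is work in progress and may be revised or replaced,
% so check the datatracker for a later revision before relying on it.
% Changes from the exported form: names are in "Last, First" order, and only
% the token X.509 is brace-protected in the title rather than the whole title,
% so bibliography styles can still apply their own casing.
@techreport{woodhouse-cert-best-practice-01,
  author      = {Woodhouse, David and Mavrogiannopoulos, Nikos},
  title       = {Recommendations for applications using {X.509} client certificates},
  type        = {Internet-Draft},
  number      = {draft-woodhouse-cert-best-practice-01},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2023,
  month       = jul,
  day         = 25,
  pagetotal   = 18,
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-woodhouse-cert-best-practice/01/},
  abstract    = {X.509 certificates are widely used for client authentication in many protocols, especially in conjunction with Transport Layer Security ({[}RFC5246{]}) and Datagram Transport Layer Security ({[}RFC6347{]}. There exist a multitude of forms in which certificates and especially their corresponding private keys may be stored or referenced. Applications have historically been massively inconsistent in which subset of these forms have been supported, and what knowledge is demanded of the user. This memo sets out best practice for applications in the interest of usability and consistency.},
}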