Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) Authentication Using M2M Certificate

Document Type Expired Internet-Draft (individual)
Last updated 2015-09-24 (latest revision 2015-03-23)
Stream (None)
Intended RFC status (None)
Expired & archived
plain text pdf html bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This memo defines Transport Layer Security (TLS) extensions and associated semantics that allow clients and servers to negotiate the use of M2M certificates for a TLS/DTLS session, and specifies how to transport M2M certificates via TLS/DTLS. It also defines the registry for non-X.509 certificate types. The X.509 public key certificate format is overly verbose for Internet- of-Things (IoT) constrained environments, where nodes with limited memory and networks with limited bandwidth are not uncommon. The Machine-to-Machine (M2M) certificate format is a pruned down and encoding-optimized replacement for X.509, which reuses much of the X.509 semantics but reduces certificate sizes by typically 40%.


Yuri Poeluev (
Warwick Ford (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)