Skip to main content

Deploying Publicly Trusted TLS Servers on IoT Devices Using SNI-based End-to-End TLS Forwarding (SNIF)

Document Type Expired Internet-Draft (individual)
Expired & archived
Author Jim Zubov
Last updated 2022-08-20 (Latest revision 2022-02-16)
RFC stream (None)
Intended RFC status (None)
Additional resources Additional Web Page
GitHub Repository
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


This document proposes a solution, referred as SNIF, that provides the means for any Internet connected device to: * allocate a globally unique anonymous hostname; * obtain and maintain a publicly trusted X.509 certificate issued for the allocated hostname; * accept incoming TLS connections on specific TCP ports of the allocated hostname from any TLS clients that are capable of sending Server Name Indication. The private key associated with the X.509 certificate is securely stored on the TLS terminating device, and is never exposed to any other party at any step of the process. About This Document This note is to be removed before publishing as an RFC. Status information for this document may be found at Information can be found at Source for this draft and an issue tracker can be found at


Jim Zubov

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)