datatracker.ietf.org

Using OpenPGP Keys for Transport Layer Security (TLS) Authentication
RFC 5081

Document type: RFC - Experimental (November 2007)
Obsoleted by RFC 6091
Document stream: IETF
Last updated: 2013-03-02

IETF State: (None)
Consensus: Unknown
Document shepherd: No shepherd assigned

IESG State: RFC 5081 (Experimental)
Responsible AD: Russ Housley
Send notices to: tls-chairs@tools.ietf.org

Network Working Group                               N. Mavrogiannopoulos
Request for Comments: 5081                                   Independent
Category: Experimental                                     November 2007

  Using OpenPGP Keys for Transport Layer Security (TLS) Authentication

Status of This Memo

   This memo defines an Experimental Protocol for the Internet
   community.  It does not specify an Internet standard of any kind.
   Discussion and suggestions for improvement are requested.
   Distribution of this memo is unlimited.

Abstract

   This memo proposes extensions to the Transport Layer Security (TLS)
   protocol to support the OpenPGP key format.  The extensions discussed
   here include a certificate type negotiation mechanism, and the
   required modifications to the TLS Handshake Protocol.

Table of Contents

   1. Introduction ....................................................2
   2. Terminology .....................................................2
   3. Changes to the Handshake Message Contents .......................2
      3.1. Client Hello ...............................................2
      3.2. Server Hello ...............................................3
      3.3. Server Certificate .........................................3
      3.4. Certificate Request ........................................4
      3.5. Client Certificate .........................................5
      3.6. Other Handshake Messages ...................................5
   4. Security Considerations .........................................5
   5. IANA Considerations .............................................6
   6. Acknowledgements ................................................6
   7. References ......................................................6
      7.1. Normative References .......................................6
      7.2. Informative References .....................................7

Mavrogiannopoulos             Experimental                      [Page 1]
RFC 5081                   Using OpenPGP Keys              November 2007

1.  Introduction

   The IETF has two sets of standards for public key certificates, one
   set for use of X.509 certificates [PKIX] and one for OpenPGP
   certificates [OpenPGP].  At the time of writing, TLS [TLS] standards
   are defined to use only X.509 certificates.  This document specifies
   a way to negotiate use of OpenPGP certificates for a TLS session, and
   specifies how to transport OpenPGP certificates via TLS.  The
   proposed extensions are backward compatible with the current TLS
   specification, so that existing client and server implementations
   that make use of X.509 certificates are not affected.

2.  Terminology

   The term "OpenPGP key" is used in this document as in the OpenPGP
   specification [OpenPGP].  We use the term "OpenPGP certificate" to
   refer to OpenPGP keys that are enabled for authentication.

   This document uses the same notation and terminology used in the TLS
   Protocol specification [TLS].

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

3.  Changes to the Handshake Message Contents

   This section describes the changes to the TLS handshake message
   contents when OpenPGP certificates are to be used for authentication.

3.1.  Client Hello

   In order to indicate the support of multiple certificate types,
   clients MUST include an extension of type "cert_type" (see Section 5)
   to the extended client hello message.  The hello extension mechanism
   is described in [TLSEXT].

   This extension carries a list of supported certificate types the
   client can use, sorted by client preference.  This extension MUST be
   omitted if the client only supports X.509 certificates.  The
   "extension_data" field of this extension contains a
   CertificateTypeExtension structure.

      enum { client, server } ClientOrServerExtension;

      enum { X.509(0), OpenPGP(1), (255) } CertificateType;

      struct {
         select(ClientOrServerExtension) {
            case client:
               CertificateType certificate_types<1..2^8-1>;
            case server:
               CertificateType certificate_type;
         }
      } CertificateTypeExtension;

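As an added example (not part of the RFC text), the following Python encodes and parses the "extension_data" of the cert_type extension exactly as the CertificateTypeExtension structure above lays it out, for both the client and the server form, and enforces the rule that an X.509-only client omits the extension. It assumes the IANA extension number 9 for "cert_type", which this excerpt only references as Section 5.

```python
import struct

CERT_TYPE_EXTENSION = 9   # assumption: IANA TLS ExtensionType value for "cert_type"
X509, OPENPGP = 0, 1      # CertificateType enum { X.509(0), OpenPGP(1), (255) }


def encode_client_cert_types(types):
    """Build the full extension (type, length, extension_data) carrying
    certificate_types<1..2^8-1>, in client preference order.  Returns None
    when the extension MUST be omitted (client supports only X.509)."""
    if not types or len(types) > 255 or any(t not in range(256) for t in types):
        raise ValueError("certificate_types must hold 1..255 one-byte values")
    if set(types) == {X509}:
        return None
    body = bytes([len(types)]) + bytes(types)   # one-byte vector length prefix
    return struct.pack("!HH", CERT_TYPE_EXTENSION, len(body)) + body


def encode_server_cert_type(cert_type):
    """Build the server form: extension_data is a single CertificateType."""
    if cert_type not in range(256):
        raise ValueError("certificate_type is exactly one byte")
    body = bytes([cert_type])
    return struct.pack("!HH", CERT_TYPE_EXTENSION, len(body)) + body


def parse_cert_type_extension(data, from_server):
    """Parse one extension.  Returns the client's list (preference order) or
    the server's single type.  Truncated, padded or zero-length vectors are
    rejected rather than guessed at, so a peer cannot smuggle trailing bytes."""
    if len(data) < 4:
        raise ValueError("truncated extension header")
    ext_type, ext_len = struct.unpack("!HH", data[:4])
    if ext_type != CERT_TYPE_EXTENSION:
        raise ValueError("not a cert_type extension: %d" % ext_type)
    body = data[4:]
    if len(body) != ext_len:
        raise ValueError("extension_data length does not match declared length")
    if from_server:
        if ext_len != 1:
            raise ValueError("server certificate_type must be one byte")
        return body[0]
    # client form: vector length prefix must account for every remaining byte
    if ext_len < 2 or body[0] != ext_len - 1:
        raise ValueError("malformed certificate_types vector")
    return list(body[1:])


def is_well_formed(data, from_server):
    """True when parse_cert_type_extension accepts the bytes."""
    try:
        parse_cert_type_extension(data, from_server)
        return True
    except ValueError:
        return False
```
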
   No new cipher suites are required to use OpenPGP certificates.  All