Using OpenPGP Keys for Transport Layer Security (TLS) Authentication
RFC 5081
Document Type RFC - Experimental (November 2007; No errata)
Obsoleted by RFC 6091
Author Nikos Mavrogiannopoulos 
Last updated 2015-10-14
Stream IETF
Formats plain text html pdf htmlized bibtex
Reviews
SECDIR Early Review
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 5081 (Experimental)
Action Holders
(None)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Russ Housley
Send notices to (None)
Email authors Email WG IPR References Referenced by Nits 
Network Working Group                               N. Mavrogiannopoulos
Request for Comments: 5081                                   Independent
Category: Experimental                                     November 2007

  Using OpenPGP Keys for Transport Layer Security (TLS) Authentication

Status of This Memo

   This memo defines an Experimental Protocol for the Internet
   community.  It does not specify an Internet standard of any kind.
   Discussion and suggestions for improvement are requested.
   Distribution of this memo is unlimited.

Abstract

   This memo proposes extensions to the Transport Layer Security (TLS)
   protocol to support the OpenPGP key format.  The extensions discussed
   here include a certificate type negotiation mechanism, and the
   required modifications to the TLS Handshake Protocol.

Table of Contents

   1. Introduction ....................................................2
   2. Terminology .....................................................2
   3. Changes to the Handshake Message Contents .......................2
      3.1. Client Hello ...............................................2
      3.2. Server Hello ...............................................3
      3.3. Server Certificate .........................................3
      3.4. Certificate Request ........................................4
      3.5. Client Certificate .........................................5
      3.6. Other Handshake Messages ...................................5
   4. Security Considerations .........................................5
   5. IANA Considerations .............................................6
   6. Acknowledgements ................................................6
   7. References ......................................................6
      7.1. Normative References .......................................6
      7.2. Informative References .....................................7

Mavrogiannopoulos             Experimental                      [Page 1]
RFC 5081                   Using OpenPGP Keys              November 2007

1.  Introduction

   The IETF has two sets of standards for public key certificates, one
   set for use of X.509 certificates [PKIX] and one for OpenPGP
   certificates [OpenPGP].  At the time of writing, TLS [TLS] standards
   are defined to use only X.509 certificates.  This document specifies
   a way to negotiate use of OpenPGP certificates for a TLS session, and
   specifies how to transport OpenPGP certificates via TLS.  The
   proposed extensions are backward compatible with the current TLS
   specification, so that existing client and server implementations
   that make use of X.509 certificates are not affected.

2.  Terminology

   The term "OpenPGP key" is used in this document as in the OpenPGP
   specification [OpenPGP].  We use the term "OpenPGP certificate" to
   refer to OpenPGP keys that are enabled for authentication.

   This document uses the same notation and terminology used in the TLS
   Protocol specification [TLS].

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

3.  Changes to the Handshake Message Contents

   This section describes the changes to the TLS handshake message
   contents when OpenPGP certificates are to be used for authentication.

3.1.  Client Hello

   In order to indicate the support of multiple certificate types,
   clients MUST include an extension of type "cert_type" (see Section 5)
   to the extended client hello message.  The hello extension mechanism
   is described in [TLSEXT].

   This extension carries a list of supported certificate types the
   client can use, sorted by client preference.  This extension MUST be
   omitted if the client only supports X.509 certificates.  The
   "extension_data" field of this extension contains a
   CertificateTypeExtension structure.

Mavrogiannopoulos             Experimental                      [Page 2]
RFC 5081                   Using OpenPGP Keys              November 2007

      enum { client, server } ClientOrServerExtension;

      enum { X.509(0), OpenPGP(1), (255) } CertificateType;

      struct {
         select(ClientOrServerExtension) {
            case client:
               CertificateType certificate_types<1..2^8-1>;
            case server:
               CertificateType certificate_type;
         }
      } CertificateTypeExtension;

   No new cipher suites are required to use OpenPGP certificates.  All
   existing cipher suites that support a compatible, with the key, key
   exchange method can be used in combination with OpenPGP certificates.

3.2.  Server Hello

   If the server receives a client hello that contains the "cert_type"
   extension and chooses a cipher suite that requires a certificate,
   then two outcomes are possible.  The server MUST either select a
Show full document text
RFC Editor IASA & IETF LLC IETF Trust IRTF IETF IESG IAB IANA Privacy Statement IETF Tools