Using OpenPGP Keys for Transport Layer Security (TLS) Authentication
RFC 5081
Document | Type |
RFC - Experimental
(November 2007; No errata)
Obsoleted by RFC 6091
|
|
---|---|---|---|
Author | Nikos Mavrogiannopoulos | ||
Last updated | 2015-10-14 | ||
Stream | IETF | ||
Formats | plain text html pdf htmlized bibtex | ||
Reviews | |||
Stream | WG state | (None) | |
Document shepherd | No shepherd assigned | ||
IESG | IESG state | RFC 5081 (Experimental) | |
Action Holders |
(None)
|
||
Consensus Boilerplate | Unknown | ||
Telechat date | |||
Responsible AD | Russ Housley | ||
Send notices to | (None) |
Network Working Group N. Mavrogiannopoulos Request for Comments: 5081 Independent Category: Experimental November 2007 Using OpenPGP Keys for Transport Layer Security (TLS) Authentication Status of This Memo This memo defines an Experimental Protocol for the Internet community. It does not specify an Internet standard of any kind. Discussion and suggestions for improvement are requested. Distribution of this memo is unlimited. Abstract This memo proposes extensions to the Transport Layer Security (TLS) protocol to support the OpenPGP key format. The extensions discussed here include a certificate type negotiation mechanism, and the required modifications to the TLS Handshake Protocol. Table of Contents 1. Introduction ....................................................2 2. Terminology .....................................................2 3. Changes to the Handshake Message Contents .......................2 3.1. Client Hello ...............................................2 3.2. Server Hello ...............................................3 3.3. Server Certificate .........................................3 3.4. Certificate Request ........................................4 3.5. Client Certificate .........................................5 3.6. Other Handshake Messages ...................................5 4. Security Considerations .........................................5 5. IANA Considerations .............................................6 6. Acknowledgements ................................................6 7. References ......................................................6 7.1. Normative References .......................................6 7.2. Informative References .....................................7 Mavrogiannopoulos Experimental [Page 1] RFC 5081 Using OpenPGP Keys November 2007 1. Introduction The IETF has two sets of standards for public key certificates, one set for use of X.509 certificates [PKIX] and one for OpenPGP certificates [OpenPGP]. At the time of writing, TLS [TLS] standards are defined to use only X.509 certificates. This document specifies a way to negotiate use of OpenPGP certificates for a TLS session, and specifies how to transport OpenPGP certificates via TLS. The proposed extensions are backward compatible with the current TLS specification, so that existing client and server implementations that make use of X.509 certificates are not affected. 2. Terminology The term "OpenPGP key" is used in this document as in the OpenPGP specification [OpenPGP]. We use the term "OpenPGP certificate" to refer to OpenPGP keys that are enabled for authentication. This document uses the same notation and terminology used in the TLS Protocol specification [TLS]. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. 3. Changes to the Handshake Message Contents This section describes the changes to the TLS handshake message contents when OpenPGP certificates are to be used for authentication. 3.1. Client Hello In order to indicate the support of multiple certificate types, clients MUST include an extension of type "cert_type" (see Section 5) to the extended client hello message. The hello extension mechanism is described in [TLSEXT]. This extension carries a list of supported certificate types the client can use, sorted by client preference. This extension MUST be omitted if the client only supports X.509 certificates. The "extension_data" field of this extension contains a CertificateTypeExtension structure. Mavrogiannopoulos Experimental [Page 2] RFC 5081 Using OpenPGP Keys November 2007 enum { client, server } ClientOrServerExtension; enum { X.509(0), OpenPGP(1), (255) } CertificateType; struct { select(ClientOrServerExtension) { case client: CertificateType certificate_types<1..2^8-1>; case server: CertificateType certificate_type; } } CertificateTypeExtension; No new cipher suites are required to use OpenPGP certificates. All existing cipher suites that support a compatible, with the key, key exchange method can be used in combination with OpenPGP certificates. 3.2. Server Hello If the server receives a client hello that contains the "cert_type" extension and chooses a cipher suite that requires a certificate, then two outcomes are possible. The server MUST either select aShow full document text