Hannes Tschofenig
Pronouns: he/him
Hannes Tschofenig contributes to global standards to make the Internet more secure. He has been active in the IETF for the past 20 years and contributed to more than 90 RFCs on security, privacy and various Internet protocols. Hannes co-chaired several IETF working groups, including SCITT, OAuth, ACE, KEYPROV, DIME, and ECRIT. From 2010 to 2014 Hannes was a member of the Internet Architecture Board (IAB), a committee of the IETF.
RFCs (93)
RFC | Date | Title | Cited by |
---|---|---|---|
RFC 4081 | Jun 2005 | Security Threats for Next Steps in Signaling (NSIS) | 11 RFCs |
RFC 4230 | Dec 2005 | RSVP Security Properties | 7 RFCs |
RFC 4279 | Dec 2005 | Pre-Shared Key Ciphersuites for Transport Layer Security (TLS) | 37 RFCs |
RFC 4442 | Mar 2006 | Bootstrapping Timed Efficient Stream Loss-Tolerant Authentication (TESLA) | 3 RFCs |
RFC 4484 | Aug 2006 | Trait-Based Authorization Requirements for the Session Initiation Protocol (SIP) | 1 RFC |
RFC 4487 | May 2006 | Mobile IPv6 and Firewalls: Problem Statement | 1 RFC |
RFC 4507 | May 2006 | Transport Layer Security (TLS) Session Resumption without Server-Side State | 4 RFCs |
RFC 4589 | Jul 2006 | Location Types Registry | 9 RFCs |
RFC 4621 | Aug 2006 | Design of the IKEv2 Mobility and Multihoming (MOBIKE) Protocol | 3 RFCs |
RFC 4745 | Feb 2007 | Common Policy: A Document Format for Expressing Privacy Preferences | 12 RFCs |
RFC 4764 | Jan 2007 | The EAP-PSK Protocol: A Pre-Shared Key Extensible Authentication Protocol (EAP) Method | 1 RFC |
RFC 4806 | Feb 2007 | Online Certificate Status Protocol (OCSP) Extensions to IKEv2 | 4 RFCs |
RFC 4891 | May 2007 | Using IPsec to Secure IPv6-in-IPv4 Tunnels | 7 RFCs |
RFC 5069 | Jan 2008 | Security Threats and Requirements for Emergency Call Marking and Mapping | 14 RFCs |
RFC 5077 | Jan 2008 | Transport Layer Security (TLS) Session Resumption without Server-Side State | 34 RFCs |
RFC 5106 | Feb 2008 | The Extensible Authentication Protocol-Internet Key Exchange Protocol version 2 (EAP-IKEv2) Method | 4 RFCs |
RFC 5191 | May 2008 | Protocol for Carrying Authentication for Network Access (PANA) | 20 RFCs |
RFC 5222 | Aug 2008 | LoST: A Location-to-Service Translation Protocol | 20 RFCs |
RFC 5223 | Aug 2008 | Discovering Location-to-Service Translation (LoST) Servers Using the Dynamic Host Configuration Protocol (DHCP) | 7 RFCs |
RFC 5433 | Feb 2009 | Extensible Authentication Protocol - Generalized Pre-Shared Key (EAP-GPSK) Method | 6 RFCs |
RFC 5447 | Feb 2009 | Diameter Mobile IPv6: Support for Network Access Server to Diameter Server Interaction | 9 RFCs |
RFC 5479 | Apr 2009 | Requirements and Analysis of Media Security Management Protocols | 8 RFCs |
RFC 5491 | Mar 2009 | GEOPRIV Presence Information Data Format Location Object (PIDF-LO) Usage Clarification, Considerations, and Recommendations | 21 RFCs |
RFC 5580 | Aug 2009 | Carrying Location Objects in RADIUS and Diameter | 7 RFCs |
RFC 5624 | Aug 2009 | Quality of Service Parameters for Usage with Diameter | 3 RFCs |
RFC 5687 | Mar 2010 | GEOPRIV Layer 7 Location Configuration Protocol: Problem Statement and Requirements | 11 RFCs |
RFC 5713 | Jan 2010 | Security Threats and Security Requirements for the Access Node Control Protocol (ANCP) | 6 RFCs |
RFC 5719 | Jan 2010 | Updated IANA Considerations for Diameter Command Code Allocations | 1 RFC |
RFC 5723 | Jan 2010 | Internet Key Exchange Protocol Version 2 (IKEv2) Session Resumption | 14 RFCs |
RFC 5763 | May 2010 | Framework for Establishing a Secure Real-time Transport Protocol (SRTP) Security Context Using Datagram Transport Layer Security (DTLS) | 22 RFCs |
RFC 5770 | Apr 2010 | Basic Host Identity Protocol (HIP) Extensions for Traversal of Network Address Translators | 7 RFCs |
RFC 5777 | Feb 2010 | Traffic Classification and Quality of Service (QoS) Attributes for Diameter | 10 RFCs |
RFC 5778 | Feb 2010 | Diameter Mobile IPv6: Support for Home Agent to Diameter Server Interaction | 4 RFCs |
RFC 5866 | May 2010 | Diameter Quality-of-Service Application | 6 RFCs |
RFC 5962 | Sep 2010 | Dynamic Extensions to the Presence Information Data Format Location Object (PIDF-LO) | 3 RFCs |
RFC 5972 | Oct 2010 | General Internet Signaling Transport (GIST) State Machine | |
RFC 5973 | Oct 2010 | NAT/Firewall NSIS Signaling Layer Protocol (NSLP) | 6 RFCs |
RFC 5980 | Mar 2011 | NSIS Protocol Operation in Mobile Environments | |
RFC 5981 | Feb 2011 | Authorization for NSIS Signaling Layer Protocols | 1 RFC |
RFC 5998 | Sep 2010 | An Extension for EAP-Only Authentication in IKEv2 | 3 RFCs |
RFC 6023 | Oct 2010 | A Childless Initiation of the Internet Key Exchange Version 2 (IKEv2) Security Association (SA) | 3 RFCs |
RFC 6124 | Feb 2011 | An EAP Authentication Method Based on the Encrypted Key Exchange (EKE) Protocol | 1 RFC |
RFC 6155 | Mar 2011 | Use of Device Identity in HTTP-Enabled Location Delivery (HELD) | 5 RFCs |
RFC 6280 | Jul 2011 | An Architecture for Location and Location Privacy in Internet Applications | 33 RFCs |
RFC 6444 | Jan 2012 | Location Hiding: Problem Statement and Requirements | 2 RFCs |
RFC 6447 | Jan 2012 | Filtering Location Notifications in the Session Initiation Protocol (SIP) | 1 RFC |
RFC 6574 | Apr 2012 | Report from the Smart Object Workshop | 6 RFCs |
RFC 6616 | May 2012 | A Simple Authentication and Security Layer (SASL) and Generic Security Service Application Program Interface (GSS-API) Mechanism for OpenID | |
RFC 6618 | May 2012 | Mobile IPv6 Security Framework Using Transport Layer Security for Communication between the Mobile Node and Home Agent | |
RFC 6739 | Oct 2012 | Synchronizing Service Boundaries and <mapping> Elements Based on the Location-to-Service Translation (LoST) Protocol | 1 RFC |
RFC 6753 | Oct 2012 | A Location Dereference Protocol Using HTTP-Enabled Location Delivery (HELD) | 2 RFCs |
RFC 6755 | Oct 2012 | An IETF URN Sub-Namespace for OAuth | 9 RFCs |
RFC 6772 | Jan 2013 | Geolocation Policy: A Document Format for Expressing Privacy Preferences for Location Information | 5 RFCs |
RFC 6950 | Oct 2013 | Architectural Considerations on Application Features in the DNS | 5 RFCs |
RFC 6973 | Jul 2013 | Privacy Considerations for Internet Protocols | 63 RFCs |
RFC 7090 | Apr 2014 | Public Safety Answering Point (PSAP) Callback | 3 RFCs |
RFC 7199 | Apr 2014 | Location Configuration Extensions for Policy Management | |
RFC 7250 | Jun 2014 | Using Raw Public Keys in Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) | 21 RFCs |
RFC 7258 | May 2014 | Pervasive Monitoring Is an Attack | 116 RFCs |
RFC 7295 | Jul 2014 | Report from the IAB/IRTF Workshop on Congestion Control for Interactive Real-Time Communication | 1 RFC |
RFC 7340 | Sep 2014 | Secure Telephone Identity Problem Statement and Requirements | 11 RFCs |
RFC 7378 | Dec 2014 | Trustworthy Location | 3 RFCs |
RFC 7397 | Dec 2014 | Report from the Smart Object Security Workshop | 3 RFCs |
RFC 7406 | Dec 2014 | Extensions to the Emergency Services Architecture for Dealing With Unauthenticated and Unauthorized Devices | 2 RFCs |
RFC 7423 | Nov 2014 | Diameter Applications Design Guidelines | 2 RFCs |
RFC 7452 | Mar 2015 | Architectural Considerations in Smart Object Networking | 7 RFCs |
RFC 7628 | Aug 2015 | A Set of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth | 1 RFC |
RFC 7670 | Jan 2016 | Generic Raw Public-Key Support for IKEv2 | 1 RFC |
RFC 7687 | Dec 2015 | Report from the Strengthening the Internet (STRINT) Workshop | 2 RFCs |
RFC 7800 | Apr 2016 | Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs) | 6 RFCs |
RFC 7831 | May 2016 | Application Bridging for Federated Access Beyond Web (ABFAB) Architecture | 4 RFCs |
RFC 7840 | May 2016 | A Routing Request Extension for the HTTP-Enabled Location Delivery (HELD) Protocol | |
RFC 7852 | Jul 2016 | Additional Data Related to an Emergency Call | 5 RFCs |
RFC 7924 | Jul 2016 | Transport Layer Security (TLS) Cached Information Extension | 12 RFCs |
RFC 7925 | Jul 2016 | Transport Layer Security (TLS) / Datagram Transport Layer Security (DTLS) Profiles for the Internet of Things | 10 RFCs |
RFC 7966 | Sep 2016 | Security at the Attribute-Value Pair (AVP) Level for Non-neighboring Diameter Nodes: Scenarios and Requirements | |
RFC 8147 | May 2017 | Next-Generation Pan-European eCall | 1 RFC |
RFC 8148 | May 2017 | Next-Generation Vehicle-Initiated Emergency Calls | 1 RFC |
RFC 8240 | Sep 2017 | Report from the Internet of Things Software Update (IoTSU) Workshop 2016 | 3 RFCs |
RFC 8323 | Feb 2018 | CoAP (Constrained Application Protocol) over TCP, TLS, and WebSockets | 12 RFCs |
RFC 8392 | May 2018 | CBOR Web Token (CWT) | 9 RFCs |
RFC 8477 | Oct 2018 | Report from the Internet of Things (IoT) Semantic Interoperability (IOTSI) Workshop 2016 | |
RFC 8628 | Aug 2019 | OAuth 2.0 Device Authorization Grant | 1 RFC |
RFC 8707 | Feb 2020 | Resource Indicators for OAuth 2.0 | 4 RFCs |
RFC 8747 | Mar 2020 | Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs) | 6 RFCs |
RFC 8876 | Sep 2020 | Non-interactive Emergency Calls | |
RFC 9019 | Apr 2021 | A Firmware Update Architecture for Internet of Things | 2 RFCs |
RFC 9124 | Jan 2022 | A Manifest Information Model for Firmware Updates in Internet of Things (IoT) Devices | 1 RFC |
RFC 9146 | Mar 2022 | Connection Identifier for DTLS 1.2 | 4 RFCs |
RFC 9147 | Apr 2022 | The Datagram Transport Layer Security (DTLS) Protocol Version 1.3 | 28 RFCs |
RFC 9200 | Aug 2022 | Authentication and Authorization for Constrained Environments Using the OAuth 2.0 Framework (ACE-OAuth) | 8 RFCs |
RFC 9397 | Jul 2023 | Trusted Execution Environment Provisioning (TEEP) Architecture | 1 RFC |
RFC 9459 | Sep 2023 | CBOR Object Signing and Encryption (COSE): AES-CTR and AES-CBC | |
Active Internet-Drafts (26)
- draft-tuexen-tsvwg-rfc4895-bis
- draft-tschofenig-rats-psa-token
- draft-ietf-suit-mud
- draft-ietf-uta-tls13-iot-profile
- draft-ietf-suit-firmware-encryption
- draft-ftbs-rats-msg-wrap
- draft-ietf-teep-protocol
- draft-mt-ufmrg-teep-sample
- draft-ietf-tls-dtls-rrc
- draft-ietf-suit-manifest
- draft-mattsson-tls-super-jumbo-record-limit
- draft-mattsson-tls-compact-ecc
- draft-ounsworth-rats-x509-evidence
- draft-fossati-tls-attestation
- draft-ietf-tls-ctls
- draft-tschofenig-oauth-attested-dclient-reg
- draft-ietf-cose-key-thumbprint
- draft-tschofenig-lamps-nonce-cmp-est
- draft-tschofenig-jose-cose-guidance
- draft-ietf-cose-hpke
- draft-rha-jose-hpke-encrypt
- draft-ietf-lamps-csr-attestation
- draft-hofmann-wimse-workload-identity-bcp
- draft-tuexen-tsvwg-rfc6083-bis
- draft-bft-rats-kat
- draft-lior-radius-prepaid-extensions
Expired Internet-Drafts (229)
- draft-tschofenig-core-early-data-option
- draft-tschofenig-rats-aiss-token
- draft-friel-tls-atls
- draft-tschofenig-tls-cwt
- draft-shaw-rats-rear
- draft-tschofenig-core-senml-lbn
- draft-ietf-teep-opentrustprotocol
- draft-ietf-oauth-pop-key-distribution
- draft-tschofenig-ace-group-communication-security
- draft-moore-iot-security-bcp
- draft-mavrogiannopoulos-tls-cid
- draft-ietf-oauth-signed-http-request
- draft-fossati-tls-iot-optimizations
- draft-ietf-oauth-pop-architecture
- draft-fossati-core-server-name-id
- draft-korhonen-dime-e2e-security
- draft-ietf-oauth-closing-redirectors
- draft-ietf-atoca-cap
- draft-maler-ace-oauth-uma
- draft-oauth-sanso-open-redirector
- draft-fossati-dtls-over-gsm-sms
- draft-winterbottom-ecrit-priv-loc
- draft-ietf-lwig-tls-minimal
- draft-tschofenig-ace-overview
- draft-tschofenig-oauth-hotk
- draft-ietf-oauth-v2-http-mac
- draft-tschofenig-iab-webpki-evolution
- draft-tschofenig-perpass-surveillance
- draft-ietf-ipsecme-oob-pubkey
- draft-tschofenig-dime-overload-arch
- draft-tschofenig-dime-dlba
- draft-tschofenig-dime-overload-piggybacking
- draft-rosen-ecrit-ecall
- draft-ietf-mmusic-media-path-middleboxes
- draft-korhonen-dime-ovl
- draft-tschofenig-dime-keying-database
- draft-tschofenig-oauth-audience
- draft-campbell-dime-overload-data-analysis
- draft-tschofenig-oauth-security
- draft-cooper-iab-secure-origin
- draft-tschofenig-secure-the-web
- draft-lumbreras-ees-urn
- draft-tschofenig-hourglass
- draft-tschofenig-post-standardization
- draft-jones-diameter-abfab
- draft-ietf-atoca-requirements
- draft-tschofenig-ecrit-xmpp-es
- draft-nir-tls-eap
- draft-mrw-abfab-multihop-fed
- draft-patil-mext-mip6issueswithipsec
- draft-barnes-atoca-cap-mime
- draft-cooper-web-tracking-opt-outs
- draft-rosen-atoca-cap
- draft-haddad-alien-threat-model
- draft-barnes-geopriv-policy-uri
- draft-ietf-sip-saml
- draft-tschofenig-oauth-signature-thoughts
- draft-morris-policy-cons
- draft-barnes-ecrit-policy
- draft-stiemerling-alto-dns-discovery
- draft-tschofenig-moonshot-ps
- draft-huang-dime-pcn-collection
- draft-lear-ietf-sasl-openid
- draft-rosen-atoca-server-discovery
- draft-tschofenig-conex-ps
- draft-winterbottom-ecrit-direct
- draft-norreys-ecrit-authority2individuals-requirements
- draft-tschofenig-rai-reducing-delays
- draft-winterbottom-dime-param-query
- draft-garcia-geopriv-indirect-publish
- draft-winterbottom-geopriv-held-context
- draft-tschofenig-ecrit-rfc5222bis
- draft-fajardo-dime-dcc-test-suite
- draft-fajardo-dime-misc-app-test-suite
- draft-fajardo-dime-base-test-suite
- draft-rosen-sipping-cap
- draft-rosen-ecrit-lost-early-warning
- draft-bajko-arcband-shape
- draft-nir-ike-nochild
- draft-romascanu-diameter-cmd-iana
- draft-tschofenig-geopriv-dhcp-circle
- draft-linsner-geopriv-adminspecific
- draft-garcia-simple-indirect-presence-publish
- draft-ietf-mip6-radius
- draft-wing-sipping-srtp-key
- draft-yegin-eap-boot-rfc3118
- draft-tschofenig-sipping-framework-spit-reduction
- draft-tschofenig-sipping-spit-policy
- draft-sheffer-ipsec-failover
- draft-froment-sipping-spit-requirements
- draft-winterbottom-sip-location-package
- draft-ietf-mmusic-sdp-dtls
- draft-tschofenig-hiprg-host-identities
- draft-tschofenig-mip6-ice
- draft-tschofenig-sipping-captcha
- draft-schwartz-sip-e164-ownership
- draft-wing-sipping-spam-score
- draft-darilion-sip-e164-enum
- draft-niccolini-sipping-spam-feedback
- draft-werner-nsis-natfw-nslp-statemachine
- draft-wing-behave-nat-control-stun-usage
- draft-fu-nsis-qos-nslp-statemachine
- draft-tschofenig-hiprg-hip-natfw-traversal
- draft-pashalidis-nsis-gimps-nattraversal
- draft-pashalidis-nsis-gist-legacynats
- draft-eggert-middlebox-control-survey
- draft-tschofenig-ecrit-architecture-overview
- draft-tschofenig-geopriv-http-using-protocol
- draft-tschofenig-hip-ice
- draft-tschofenig-radext-qos
- draft-otto-emu-eap-tls-psk
- draft-tschofenig-hiprg-hip-srtp
- draft-tschofenig-dhc-lost-discovery
- draft-tschofenig-nsis-gist-security
- draft-guenther-geopriv-policy-caps
- draft-schilcher-mobike-trigger-api
- draft-tschofenig-avt-rtp-dtls
- draft-fries-sipping-identity-enterprise-scenario
- draft-tschofenig-enroll-bootstrapping-saml
- draft-tschofenig-mip6-aaa-ha-diameter
- draft-tschofenig-ecrit-security-threats
- draft-tschofenig-omipv6-multihoming
- draft-tschofenig-enroll-next-steps
- draft-boehmer-simple-service-identification
- draft-tschofenig-mip6-bootstrapping-pana
- draft-nagarajan-multi6-comparison
- draft-aoun-nsis-nslp-natfw-migration
- draft-guenther-radext-ppebc
- draft-groeting-eap-netselection-results
- draft-tschofenig-nsis-natfw-security-problems
- draft-tschofenig-geopriv-radius-lo
- draft-tschofenig-nsis-qos-ext-authz
- draft-tschofenig-pana-bootstrap-kerberos
- draft-jones-radius-geopriv
- draft-tschofenig-pana-bootstrap-rfc3118
- draft-tschofenig-rsvp-doi
- draft-tschofenig-geopriv-authz
- draft-tschofenig-nsis-qos-authz-issues
- draft-tschofenig-nsis-sid
- draft-tschofenig-geopriv-authz-policies
- draft-tschofenig-nsis-casp-midcom
- draft-tschofenig-nsis-aaa-issues
- draft-tschofenig-pana-framework
- draft-fu-rsvp-multicast-analysis
- draft-tschofenig-nsis-threats
- draft-tschofenig-rsvp-sec-properties