UNLIMITED FREE
ACCESS TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

IETF - RFC 9345

Delegated Credentials for TLS and DTLS

active, Most Current
Organization: IETF
Publication Date: 1 July 2023
Status: active
Page Count: 17
scope:

The organizational separation between operators of TLS and DTLS endpoints and the certification authority can create limitations. For example, the lifetime of certificates, how they may be used, and the algorithms they support are ultimately determined by the Certification Authority (CA). This document describes a mechanism to overcome some of these limitations by enabling operators to delegate their own credentials for use in TLS and DTLS without breaking compatibility with peers that do not support this specification.

Document History

RFC 9345
July 1, 2023
Delegated Credentials for TLS and DTLS
The organizational separation between operators of TLS and DTLS endpoints and the certification authority can create limitations. For example, the lifetime of certificates, how they may be used, and...

References

This document references:
IETF RFC 3820 - Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate Profile
Published by IETF on June 1, 2004
This document forms a certificate profile for Proxy Certificates, based on X.509 Public Key Infrastructure (PKI) certificates as defined in RFC 3280, for use in the Internet. The term Proxy...
This document references:
IETF RFC 8446 - The Transport Layer Security (TLS) Protocol Version 1.3
Published by IETF on August 1, 2018
This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent...
This document references:
IETF RFC 8555 - Automatic Certificate Management Environment (ACME)
Published by IETF on March 1, 2019
Public Key Infrastructure using X.509 (PKIX) certificates are used for a number of purposes, the most significant of which is the authentication of domain names. Thus, certification authorities (CAs)...
This document references:
RFC 9147 - The Datagram Transport Layer Security (DTLS) Protocol Version 1.3
Published by IETF on April 1, 2022
Abstract This document specifies version 1.3 of the Datagram Transport Layer Security (DTLS) protocol. DTLS 1.3 allows client/server applications to communicate over the Internet in a way that is...
This document references:
ITU-T X.680 - Information technology – Abstract Syntax Notation One (ASN.1): Specification of basic notation
Published by ITU-T on August 1, 2015
This Recommendation | International Standard provides a standard notation called Abstract Syntax Notation One (ASN.1) that is used for the definition of data types, values, and constraints on data...
This document references:
ITU-T X.690 - Information technology – ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER)
Published by ITU-T on August 1, 2015
This Recommendation | International Standard specifies a set of basic encoding rules that may be used to derive the specification of a transfer syntax for values of types defined using the notation...
View Less
View All
Advertisement