
Using Raw Public Keys in Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) (RFC7250) Disclosure Number: IPCOM000237603D
Original Publication Date: 2014-Jun-01
Included in the Prior Art Database: 2014-Jun-27
Document File: 36 page(s) / 38K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

P. Wouters: AUTHOR (and 7 others)


Traditionally, TLS client and server public keys are obtained in PKIX containers in-band as part of the TLS handshake procedure and are validated using trust anchors based on a [PKIX] certification authority (CA). This method can add a complicated trust relationship that is difficult to validate. Examples of such complexity can be seen in [Defeating-SSL]. TLS is, however, also commonly used with self-signed certificates in smaller deployments where the self-signed certificates are distributed to all involved protocol endpoints out-of-band. This practice does, however, still require the overhead of the certificate generation even though none of the information found in the certificate is actually used.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 7% of the total text.

Internet Engineering Task Force (IETF)                   P. Wouters, Ed.
Request for Comments: 7250                                       Red Hat
Category: Standards Track                             H. Tschofenig, Ed.
ISSN: 2070-1721                                                 ARM Ltd.
                                                              J. Gilmore
                                          Electronic Frontier Foundation
                                                               S. Weiler
                                                                 Parsons
                                                              T. Kivinen
                                                           INSIDE Secure
                                                               June 2014

         Using Raw Public Keys in Transport Layer Security (TLS)
              and Datagram Transport Layer Security (DTLS)


   This document specifies a new certificate type and two TLS extensions
   for exchanging raw public keys in Transport Layer Security (TLS) and
   Datagram Transport Layer Security (DTLS).  The new certificate type
   allows raw public keys to be used for authentication.
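The abstract says raw public keys replace the PKIX container, and the introduction above notes that in out-of-band deployments none of the certificate's other fields are used. The following is an added example, not code from RFC 7250 or any TLS implementation, showing what a peer actually has to do in that model: parse the raw key as a DER SubjectPublicKeyInfo (the structure RFC 7250 carries in the Certificate message; that detail is not in this excerpt) and compare its SHA-256 fingerprint against a pin distributed out-of-band. The minimal DER parser, the pinning policy and the sample Ed25519 key bytes are this example's own constructions.

```python
"""Out-of-band validation of a TLS raw public key (SubjectPublicKeyInfo).

Added example, not part of RFC 7250. Only Python's standard library is used.
"""
import hashlib
import hmac

# Constructed sample: DER SubjectPublicKeyInfo for an Ed25519 key, i.e.
# SEQUENCE { SEQUENCE { OID 1.3.101.112 }, BIT STRING (0 unused bits) }.
# The 32 key bytes are made up for this example and belong to no real peer.
SAMPLE_KEY = bytes.fromhex(
    "1122334455667788990011223344556677889900112233445566778899001122")
SAMPLE_SPKI = bytes.fromhex("302a300506032b6570032100") + SAMPLE_KEY


def _read_tlv(buf, pos):
    """Read one DER tag/length/value at buf[pos:]; return (tag, value, next)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:end], end


def decode_oid(raw):
    """Decode a DER OBJECT IDENTIFIER value into dotted form."""
    if not raw:
        raise ValueError("empty OID")
    arcs, value, pending = [raw[0] // 40, raw[0] % 40], 0, False
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        pending = bool(b & 0x80)
        if not pending:
            arcs.append(value)
            value = 0
    if pending:
        raise ValueError("truncated OID arc")
    return ".".join(str(a) for a in arcs)


def parse_spki(der):
    """Strictly parse a SubjectPublicKeyInfo; return (algorithm OID, key bytes).

    Any trailing bytes, wrong tags or unused bits in the BIT STRING are rejected,
    so a malformed blob is never fingerprinted and trusted by accident.
    """
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("SPKI must be exactly one SEQUENCE")
    tag, alg, pos = _read_tlv(body, 0)
    if tag != 0x30:
        raise ValueError("missing AlgorithmIdentifier")
    atag, oid, _ = _read_tlv(alg, 0)
    if atag != 0x06:
        raise ValueError("AlgorithmIdentifier must start with an OID")
    tag, bits, pos = _read_tlv(body, pos)
    if tag != 0x03 or not bits or bits[0] != 0 or pos != len(body):
        raise ValueError("bad subjectPublicKey BIT STRING")
    return decode_oid(oid), bits[1:]


def spki_fingerprint(der):
    """SHA-256 over the full DER SPKI, hex encoded (the value shared out-of-band)."""
    return hashlib.sha256(der).hexdigest()


def verify_raw_public_key(der, pinned_fingerprints):
    """True iff `der` is a well-formed SPKI whose fingerprint matches a pin.

    Every pin is compared (no early exit) with a constant-time comparison.
    Note that nothing else is checked: no name, validity period or CA chain,
    exactly as the introduction describes for out-of-band deployments.
    """
    parse_spki(der)
    fp = spki_fingerprint(der)
    ok = False
    for pin in pinned_fingerprints:
        ok |= hmac.compare_digest(fp, pin.strip().lower())
    return ok


if __name__ == "__main__":
    oid, key = parse_spki(SAMPLE_SPKI)
    print("algorithm:", oid, "key length:", len(key))
    print("fingerprint:", spki_fingerprint(SAMPLE_SPKI))
    print("pinned:", verify_raw_public_key(SAMPLE_SPKI, [spki_fingerprint(SAMPLE_SPKI)]))
```

The pin list would normally be provisioned alongside the peer's address (a config file, a device label, a management channel); the fingerprint covers the whole SPKI, so a peer that presents the same key under a different algorithm identifier, or a truncated blob, fails the check instead of being silently accepted.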

Status of This Memo

   This is an Internet Standards Track document.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Further information on
   Internet Standards is available in Section 2 of RFC 5741.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at

Wouters, et al.              Standards Track                    [Page 1]
 RFC 7250            Using Raw Public Keys in TLS/DTLS          June 2014

 Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   ( in effect on the date of
   publication of this document.  Please review these documents
   careful...