Using Raw Public Keys in Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) (RFC7250)
Original Publication Date: 2014-Jun-01
Included in the Prior Art Database: 2014-Jun-27
Internet Society Requests For Comment (RFCs)
P. Wouters: AUTHOR [+7]
Traditionally, TLS client and server public keys are obtained in PKIX containers in-band as part of the TLS handshake procedure and are validated using trust anchors based on a [PKIX] certification authority (CA). This method can add a complicated trust relationship that is difficult to validate. Examples of such complexity can be seen in [Defeating-SSL]. TLS is, however, also commonly used with self-signed certificates in smaller deployments where the self-signed certificates are distributed to all involved protocol endpoints out-of-band. This practice does, however, still require the overhead of the certificate generation even though none of the information found in the certificate is actually used.
Internet Engineering Task Force (IETF)
Request for Comments: 7250
Category: Standards Track
ISSN: 2070-1721

P. Wouters, Ed., Red Hat
H. Tschofenig, Ed., ARM Ltd.
J. Gilmore, Electronic Frontier Foundation
S. Weiler, Parsons
T. Kivinen, INSIDE Secure
June 2014
Using Raw Public Keys in Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)
This document specifies a new certificate type and two TLS extensions for exchanging raw public keys in Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS). The new certificate type allows raw public keys to be used for authentication.
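As an added illustration, not part of RFC 7250 or of any TLS implementation, the Go program below shows what a raw public key is in this model (a DER SubjectPublicKeyInfo with none of the certificate fields) and how a peer validates one against a fingerprint provisioned out-of-band instead of a CA trust anchor. The function names and the SHA-256 hex fingerprint format are assumptions made for the example; the RFC itself does not prescribe a fingerprint format.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"encoding/hex"
	"fmt"
)

// RawPublicKey returns the DER SubjectPublicKeyInfo for pub. In the RFC 7250 model this
// structure alone replaces the PKIX certificate: no subject, issuer, validity or CA signature.
func RawPublicKey(pub *ecdsa.PublicKey) ([]byte, error) {
	return x509.MarshalPKIXPublicKey(pub)
}

// Fingerprint is the hex SHA-256 of the SubjectPublicKeyInfo, the value an operator hands
// to peers out-of-band in place of a CA trust anchor. (Assumed format; RFC 7250 fixes none.)
func Fingerprint(spki []byte) string {
	sum := sha256.Sum256(spki)
	return hex.EncodeToString(sum[:])
}

// TrustedRawKey decides whether a raw public key received in a handshake may authenticate
// the peer: it must parse as a well-formed SubjectPublicKeyInfo and its fingerprint must be
// one provisioned out-of-band. Constant-time compare avoids leaking partial matches.
func TrustedRawKey(spki []byte, pinned []string) bool {
	if _, err := x509.ParsePKIXPublicKey(spki); err != nil {
		return false
	}
	got := []byte(Fingerprint(spki))
	for _, want := range pinned {
		if subtle.ConstantTimeCompare(got, []byte(want)) == 1 {
			return true
		}
	}
	return false
}
func main() {
	// Constructed sample: a server key the client was told about out-of-band, and a stranger's key.
	server, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	spki, _ := RawPublicKey(&server.PublicKey)
	pinned := []string{Fingerprint(spki)}
	stranger, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	strangerSPKI, _ := RawPublicKey(&stranger.PublicKey)
	fmt.Println(TrustedRawKey(spki, pinned), TrustedRawKey(strangerSPKI, pinned)) // true false
}
```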
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741.
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7250.
RFC 7250 Using Raw Public Keys in TLS/DTLS June 2014
Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents careful...