Exported Authenticators in TLS
RFC 9261, “Exported Authenticators in TLS”, is a Proposed Standard document published in July 2022 by N. Sullivan. The canonical text is published by the RFC Editor.
Abstract
This document describes a mechanism that builds on Transport Layer Security (TLS) or Datagram Transport Layer Security (DTLS) and enables peers to provide proof of ownership of an identity, such as an X.509 certificate. This proof can be exported by one peer, transmitted out of band to the other peer, and verified by the receiving peer.
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 9261 is hosted at rfc-editor.org. Available in HTML,TXT,PDF,XML.
- RFC 9260 Stream Control Transmission Protocol
- RFC 9262 Tree Engineering for Bit Index Explicit Replication
- RFC 9259 Operations, Administration, and Maintenance in Segment Routing over IPv6
- RFC 9263 Network Service Header Metadata Type 2 Variable-Length Context Headers
- RFC 9258 Importing External Pre-Shared Keys for TLS 1.3
- RFC 9264 Linkset: Media Types and a Link Relation Type for Link Sets
- RFC 9257 Guidance for External Pre-Shared Key Usage in TLS
- RFC 9265 Forward Erasure Correction Coding and Congestion Control in Transport