Delegated Credentials for TLS and DTLS
RFC 9345, “Delegated Credentials for TLS and DTLS”, is a Proposed Standard document published in July 2023 by R. Barnes, S. Iyengar, N. Sullivan, E. Rescorla. The canonical text is published by the RFC Editor.
Abstract
The organizational separation between operators of TLS and DTLS endpoints and the certification authority can create limitations. For example, the lifetime of certificates, how they may be used, and the algorithms they support are ultimately determined by the Certification Authority (CA). This document describes a mechanism to overcome some of these limitations by enabling operators to delegate their own credentials for use in TLS and DTLS without breaking compatibility with peers that do not support this specification.
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 9345 is hosted at rfc-editor.org. Available in HTML, TXT, PDF and XML.
- RFC 9344 CCNinfo: Discovering Content and Network Information in Content-Centric Networks
- RFC 9346 IS-IS Extensions in Support of Inter-Autonomous System MPLS and GMPLS Traffic Engineering
- RFC 9347 Aggregation and Fragmentation Mode for Encapsulating Security Payload and Its Use for IP Traffic Flow Security
- RFC 9348 A YANG Data Model for IP Traffic Flow Security
- RFC 9349 Definitions of Managed Objects for IP Traffic Flow Security
- RFC 9340 Architectural Principles for a Quantum Internet
- RFC 9350 IGP Flexible Algorithm
- RFC 9351 Border Gateway Protocol - Link State Extensions for Flexible Algorithm Advertisement